Hi,
I am trying to set up a delegated authn to a generic OAuth2 server and am
running into problems.
When I access the external server through curl (with the cas.properties
below), I can authenticate, get an access token and then the user profile
with no problem.
When I try through CAS 5.3.14, I get this error:
Caused by: com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse: {"error": "invalid_client"}
    at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.generateError(OAuth2AccessTokenJsonExtractor.java:75) ~[scribejava-core-5.6.0.jar!/:?]
    at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:46) ~[scribejava-core-5.6.0.jar!/:?]
    at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:16) ~[scribejava-core-5.6.0.jar!/:?]
    at com.github.scribejava.core.oauth.OAuth20Service.sendAccessTokenRequestSync(OAuth20Service.java:44) ~[scribejava-core-5.6.0.jar!/:?]
    at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:80) ~[scribejava-core-5.6.0.jar!/:?]
    at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:73) ~[scribejava-core-5.6.0.jar!/:?]
    at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.retrieveAccessToken(OAuth20Authenticator.java:34) ~[pac4j-oauth-3.6.1.jar!/:?]
    at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:38) ~[pac4j-oauth-3.6.1.jar!/:?]
    ... 105 more
This leads to a bunch of other exceptions. Does anyone have any idea why
this would be? Why can I get an access token with this curl command:
curl --location --request POST 'https://auth.mwatelescope.org/oauth/token' \
--form 'code="<VALID_CODE>"' \
--form 'grant_type="authorization_code"' \
--form 'redirect_uri="https://dev.datacentral.org.au/cas/login?client_name=<CLIENT_NAME>"' \
--form 'scope="profile"' \
--form 'client_id="<CLIENT_ID>"' \
--form 'client_secret="<CLIENT_SECRET>"'
But not with CAS?
Here is the relevant part of my cas.properties:
# OAuth2.0 client delegation for MWA ASVO
cas.authn.pac4j.oauth2[0].authUrl=https://auth.mwatelescope.org/oauth/authorize
cas.authn.pac4j.oauth2[0].tokenUrl=https://auth.mwatelescope.org/oauth/token
cas.authn.pac4j.oauth2[0].profileUrl=https://auth.mwatelescope.org/api/me
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].id=<CLIENT_ID>
cas.authn.pac4j.oauth2[0].secret=<CLIENT_SECRET>
cas.authn.pac4j.oauth2[0].clientName=<CLIENT_NAME>
cas.authn.pac4j.oauth2[0].customParams.scope=profile
Thanks for any ideas!
Simon
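
One way to narrow down an invalid_client like the one in this message, as an added example that is not part of the original post or of CAS/pac4j: send the same authorization_code exchange with each client authentication style from RFC 6749 section 2.3.1, plus the multipart form the curl command above uses, and compare the token endpoint's replies. Only the token URL comes from the post; the function names, the DRY_RUN switch and all credential values are assumptions, and the post does not say which style CAS sends.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the original post. It builds the same
# authorization_code token request in three shapes so the token endpoint's
# replies can be compared:
#   basic     - client credentials in an HTTP Basic header (RFC 6749 2.3.1)
#   post      - client credentials in the urlencoded body   (RFC 6749 2.3.1)
#   multipart - multipart/form-data body, as the post's curl --form sends
# TOKEN_URL is from the post; every other value is a caller-supplied placeholder.
TOKEN_URL='https://auth.mwatelescope.org/oauth/token'

# Simplification: RFC 6749 form-encodes id and secret before base64; skipped
# here, which is fine only for credentials without reserved characters.
basic_header() {  # $1=client_id $2=client_secret
  printf 'Authorization: Basic %s' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# With DRY_RUN=1 (default) print the curl arguments, one per line, instead of
# sending anything. An authorization code is single-use, so obtain a fresh
# code for every real attempt.
token_request() {  # $1=style $2=client_id $3=client_secret $4=code $5=redirect_uri
  style=$1 cid=$2 csecret=$3 code=$4 redirect=$5
  case "$style" in
    basic|post) field=--data-urlencode ;;
    # --form-string, unlike --form, never treats a leading @ or < as a file.
    multipart)  field=--form-string ;;
    *) echo "unknown style: $style" >&2; return 2 ;;
  esac
  set -- --silent --show-error --include --request POST "$TOKEN_URL" \
    "$field" 'grant_type=authorization_code' \
    "$field" "code=$code" "$field" "redirect_uri=$redirect"
  if [ "$style" = basic ]; then
    set -- "$@" --header "$(basic_header "$cid" "$csecret")"
  else
    set -- "$@" "$field" "client_id=$cid" "$field" "client_secret=$csecret"
  fi
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$@"; else curl "$@"; fi
}
```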