Hi Malithi/Pushpalanka,

I tried renewing the access token by invoking the Token API. Below is my curl command.

curl -d "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION" -H "Authorization:Basic bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh, Content-Type: application/x-www-form-urlencoded" https://api.cloudstaging.wso2.com:8243/token -v

I get an Authentication failed error from the above command, and the error

Error decoding authorization header. Space delimited "<authMethod> <base64Hash>" format violated.

was observed in the keymanager console, where we have APIM 1.10.0.

{"error":"invalid_client","error_description":"Client Authentication failed."}

Followed the doc [1]. What could have gone wrong?

If I use the curl --user Client_Id:Client_Secret as Pushpalanka suggested, I get

{"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid"}

Console Log:

ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} - Error while extracting credentials from authorization header {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
org.wso2.carbon.identity.oauth.common.exception.OAuthClientException: Error decoding authorization header. Space delimited "<authMethod> <base64Hash>" format violated.
    at org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
    at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
    at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:744)

[1] https://docs.wso2.com/display/APICloud/Token+API

Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Wed, Oct 7, 2015 at 11:03 PM, Hasintha Indrajee <[email protected]> wrote:

> We have the same logic in a few places to extract authorization header (Not
> only in OAuth).
>
> On Wed, Oct 7, 2015 at 10:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>
>> Hi Hasintha,
>>
>> I don't see any use case for using multiple authorization header values
>> here. This is used for OAuth Client Authentication [1]. There we don't have
>> multiple client credentials right.
>>
>> [1] https://tools.ietf.org/html/rfc6749#section-2.3
>>
>> On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee <[email protected]> wrote:
>>
>>> Hi Malithi,
>>>
>>> What happens if we include multiple authorization header values in the
>>> same header? As [1] says we can use comma separated values for the same
>>> header values. Is there a valid use case where we can use two authorization
>>> header values? If so we need to handle this within the logic you stated.
>>>
>>> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>>
>>> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa <[email protected]> wrote:
>>>
>>>> @Malithi,
>>>> Thank you very much for the detailed explanation. Yes when I was
>>>> debugging the method extract *"Authorization:Basic xxxxxxxxxxxxxx" -H
>>>> "Content-Type: application/x-www-form-urlencoded"* and then split
>>>> it. Thanks again for the explanation.
>>>>
>>>> Cheers.
>>>>
>>>> Kamidu Sachith Punchihewa
>>>> *Software Engineer*
>>>> WSO2, Inc.
>>>> lean . enterprise . middleware
>>>> Mobile : +94 (0) 770566749
>>>>
>>>> Disclaimer: This communication may contain privileged or other
>>>> confidential information and is intended exclusively for the addressee/s.
>>>> If you are not the intended recipient/s, or believe that you may have
>>>> received this communication in error, please reply to the sender indicating
>>>> that fact and delete the copy you received and in addition, you should not
>>>> print, copy, retransmit, disseminate, or otherwise use the information
>>>> contained in this communication. Internet communications cannot be
>>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>>> accept liability for any errors or omissions.
>>>>
>>>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>>
>>>>> Hi Sachith,
>>>>>
>>>>> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects
>>>>> the value of the 'Authorization' header. Please refer to [1]. Here the value
>>>>> of the 'Authorization' header is passed to the method which is directly
>>>>> taken from the servlet request.
>>>>> And when decoding the header it expects the value to be in
>>>>> '<authMethod> <base64Hash>' format.
>>>>>
>>>>> So actually what's wrong here is the curl you have posted. It should
>>>>> be like below.
>>>>>
>>>>> curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>
>>>>> So this adds the two headers properly.
>>>>> In your case the value of the 'Authorization' header is 'Basic
>>>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type:
>>>>> application/x-www-form-urlencoded' which is not in the expected format.
>>>>> That's why you see the error 'Error decoding authorization header.
>>>>> Space delimited \"<authMethod> <base64Hash>\" format violated.'
>>>>>
>>>>> Further, if you try out the curl command that Pushpalanka has posted
>>>>> you will note that it works.
>>>>>
>>>>> [1]
>>>>> https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>>>>
>>>>> Thanks,
>>>>> Malithi.
>>>>>
>>>>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> @Pushpalanka I used that then it gives me an error indicating "Client
>>>>>> Authentication failed".
>>>>>>
>>>>>> This issue was not there in the IS 5.0.0. I did some debugging and
>>>>>> found the issue. I have sent a pull request regarding this.
>>>>>>
>>>>>> Thanks and Regards.
>>>>>> Kamidu Sachith Punchihewa
>>>>>> *Software Engineer*
>>>>>> WSO2, Inc.
>>>>>> lean . enterprise . middleware
>>>>>> Mobile : +94 (0) 770566749
>>>>>>
>>>>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Optionally, can you try with below command format and check,
>>>>>>>
>>>>>>> curl --user Client_Id:Client_Secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Pushpalanka.
>>>>>>> --
>>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>>>>> Mobile: +94779716248
>>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>>
>>>>>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> I am currently using a local build of IS Server from the latest
>>>>>>>> code. When I try to get an OAuth access token via a curl execution I am
>>>>>>>> getting an error.
>>>>>>>>
>>>>>>>> Curl Format used :
>>>>>>>>
>>>>>>>>> curl<SPACE>-k<SPACE>-d<SPACE>"grant_type=password&username=userName&password=passWord&tenantDomain=carbon.super"<SPACE>-H<SPACE>"Authorization:Basic<SPACE>Base 64 encoded clientID:clientSecret,<SPACE>Content-Type:<SPACE>application/x-www-form-urlencoded"<SPACE>https://localhost:9443/oauth2/token
>>>>>>>>
>>>>>>>> Actual command :
>>>>>>>>
>>>>>>>>> curl -k -d "grant_type=password&username=xxxxx&password=xxxxx&tenantDomain=carbon.super" -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>>
>>>>>>>> Error :
>>>>>>>>
>>>>>>>>> "Error decoding authorization header. Space delimited
>>>>>>>>> \"<authMethod> <base64Hash>\" format violated."
>>>>>>>>
>>>>>>>> Is there an issue with the curl command I am using here?
>>>>>>>>
>>>>>>>> Thanks and Regards.
>>>>>>>> Kamidu Sachith Punchihewa
>>>>>>>> *Software Engineer*
>>>>>>>> WSO2, Inc.
>>>>>>>> lean . enterprise . middleware
>>>>>>>> Mobile : +94 (0) 770566749
>>>>>
>>>>> --
>>>>>
>>>>> *Malithi Edirisinghe*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc.
>>>>>
>>>>> Mobile : +94 (0) 718176807
>>>>> [email protected]
>>>
>>> --
>>> Hasintha Indrajee
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile:+94 771892453
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Senior Software Engineer
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> [email protected]
>
> --
> Hasintha Indrajee
> Software Engineer
> WSO2, Inc.
> Mobile:+94 771892453
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
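
The header problem discussed in this thread, as an added example that is not part of the original messages and is not WSO2's code: it shows what Authorization value results from one merged -H argument versus two separate ones, and applies a strict "<authMethod> <base64Hash>" check to each. The function names and the sample client credentials are constructed for illustration; the two-token check is an assumption modelled on the error message, not the project's implementation.

```python
import base64
import binascii

def header_from_curl_arg(arg):
    """curl sends each -H argument as one header line; the receiver
    splits name from value at the first colon."""
    name, _, value = arg.partition(":")
    return name.strip(), value.strip()

def parse_basic_authorization(value):
    """Return (client_id, client_secret) from an Authorization header value.

    Enforces the space-delimited "<authMethod> <base64Hash>" shape and
    rejects anything else instead of guessing what the client meant.
    """
    parts = value.split(" ")
    if len(parts) != 2 or not all(parts):
        raise ValueError('expected "<authMethod> <base64Hash>", got %d tokens' % len(parts))
    method, encoded = parts
    if method.lower() != "basic":
        raise ValueError("unsupported auth method: " + method)
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("credentials are not valid base64 text: %s" % exc)
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        raise ValueError('decoded credentials are not "client_id:client_secret"')
    return client_id, client_secret

def check(curl_header_args):
    """Turn curl -H arguments into headers, then parse the Authorization value."""
    headers = dict(header_from_curl_arg(a) for a in curl_header_args)
    try:
        return "ok", parse_basic_authorization(headers["Authorization"])
    except ValueError as exc:
        return "rejected", str(exc)

# Constructed sample credentials, not taken from the thread.
TOKEN = base64.b64encode(b"sample_client_id:sample_client_secret").decode("ascii")
FORM = "Content-Type: application/x-www-form-urlencoded"

# One -H argument holding both headers: Content-Type lands inside the Authorization value.
MERGED = check(["Authorization:Basic %s, %s" % (TOKEN, FORM)])
# Two -H arguments: two separate headers, Authorization value is "Basic <base64>".
SEPARATE = check(["Authorization:Basic " + TOKEN, FORM])

if __name__ == "__main__":
    print("merged  :", MERGED)
    print("separate:", SEPARATE)
```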
