Hi Ishara,

On 11 March 2016 at 14:27, Ishara Cooray <[email protected]> wrote:

> Hi Malithi/Pushpalanka,
>
> I tried renewing access token by invoking Token API. Below is my CURL.
>
> curl -d "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION" \
>   -H "Authorization:Basic bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh, Content-Type: application/x-www-form-urlencoded" \
>   https://api.cloudstaging.wso2.com:8243/token -v
>

Headers should be sent separately as given in [1]

[1] https://wso2.org/jira/browse/APIMANAGER-4452

Thanks,
Lakmali

> I get Authentication failed error from the above command and Error Error
> decoding authorization header. Space delimited "<authMethod> <base64Hash>"
> format violated. was observed in the keymanager console where we have APIM
> 1.10.0
> {"error":"invalid_client","error_description":"Client Authentication failed."}
>
> Followed the doc [1]. What could have gone wrong?
>
> If I use the curl --user Client_Id:Client_Secret as Pushpalanka suggested
> I get
> {"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid"}
>
> Console Log:
>
> ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
> - Error while extracting credentials from authorization header
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
> Error decoding authorization header. Space delimited "<authMethod>
> <base64Hash>" format violated.
>
> [1] https://docs.wso2.com/display/APICloud/Token+API
>
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Wed, Oct 7, 2015 at 11:03 PM, Hasintha Indrajee <[email protected]>
> wrote:
>
>> We have the same logic in a few places to extract authorization header (Not
>> only in OAuth).
>>
>> On Wed, Oct 7, 2015 at 10:59 PM, Malithi Edirisinghe <[email protected]>
>> wrote:
>>
>>> Hi Hasintha,
>>>
>>> I don't see any use case for using multiple authorization header values
>>> here. This is used for OAuth Client Authentication [1].
>>> There we don't have multiple client credentials right.
>>>
>>> [1] https://tools.ietf.org/html/rfc6749#section-2.3
>>>
>>> On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee <[email protected]>
>>> wrote:
>>>
>>>> Hi Malithi,
>>>>
>>>> What happens if we include multiple authorization header values in the
>>>> same header? As [1] says we can use comma separated values for the same
>>>> header values. Is there a valid use case where we can use two authorization
>>>> header values? If so we need to handle this within the logic you stated.
>>>>
>>>> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>>>
>>>> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa <[email protected]>
>>>> wrote:
>>>>
>>>>> @Malithi,
>>>>> Thank you very much for the detailed explanation. Yes when I was
>>>>> debugging the method extract *"Authorization:Basic xxxxxxxxxxxxxx" -H
>>>>> "Content-Type: application/x-www-form-urlencoded"* and then split
>>>>> it. Thanks again for the explanation.
>>>>>
>>>>> Cheers.
>>>>>
>>>>> Kamidu Sachith Punchihewa
>>>>> *Software Engineer*
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>> Mobile : +94 (0) 770566749
>>>>>
>>>>> Disclaimer: This communication may contain privileged or other
>>>>> confidential information and is intended exclusively for the addressee/s.
>>>>> If you are not the intended recipient/s, or believe that you may have
>>>>> received this communication in error, please reply to the sender
>>>>> indicating that fact and delete the copy you received and in addition,
>>>>> you should not print, copy, retransmit, disseminate, or otherwise use the
>>>>> information contained in this communication. Internet communications
>>>>> cannot be guaranteed to be timely, secure, error or virus-free. The
>>>>> sender does not accept liability for any errors or omissions.
>>>>>
>>>>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Sachith,
>>>>>>
>>>>>> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects
>>>>>> the value of the 'Authorization' header. Please refer to [1]. Here the value
>>>>>> of the 'Authorization' header is passed to the method which is directly
>>>>>> taken from the servlet request.
>>>>>> And when decoding the header it expects the value to be in
>>>>>> '<authMethod> <base64Hash>' format.
>>>>>>
>>>>>> So actually what's wrong here is the curl you have posted. It should
>>>>>> be like below.
>>>>>>
>>>>>> curl -k -d "grant_type=password&username=admin&password=admin" \
>>>>>>   -H "Authorization:Basic xxxxxxxxxxxxxx" \
>>>>>>   -H "Content-Type: application/x-www-form-urlencoded" \
>>>>>>   https://localhost:9443/oauth2/token
>>>>>>
>>>>>> So this adds the two headers properly.
>>>>>> In your case the value of the 'Authorization' header is 'Basic
>>>>>> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type:
>>>>>> application/x-www-form-urlencoded' which is not in the expected format.
>>>>>> That's why you see the error 'Error decoding authorization header.
>>>>>> Space delimited \"<authMethod> <base64Hash>\" format violated.'
>>>>>>
>>>>>> Further, if you try out the curl command that Pushpalanka has posted
>>>>>> you will note that it works.
>>>>>>
>>>>>> [1]
>>>>>> https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>>>>>
>>>>>> Thanks,
>>>>>> Malithi.
>>>>>>
>>>>>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> @Pushpalanka I used that then it gives me an error indicating
>>>>>>> "Client Authentication failed".
>>>>>>>
>>>>>>> This issue was not there in the IS 5.0.0. I did a debugging and
>>>>>>> found the issue.
>>>>>>> I have sent a pull request regarding this.
>>>>>>>
>>>>>>> Thanks and Regards.
>>>>>>> Kamidu Sachith Punchihewa
>>>>>>> *Software Engineer*
>>>>>>> WSO2, Inc.
>>>>>>> lean . enterprise . middleware
>>>>>>> Mobile : +94 (0) 770566749
>>>>>>>
>>>>>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana
>>>>>>> <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Optionally, can you try with below command format and check,
>>>>>>>>
>>>>>>>> curl --user Client_Id:Client_Secret -k \
>>>>>>>>   -d "grant_type=password&username=admin&password=admin" \
>>>>>>>>   -H "Content-Type:application/x-www-form-urlencoded" \
>>>>>>>>   https://localhost:9443/oauth2/token
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Pushpalanka.
>>>>>>>> --
>>>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>>>>>> Mobile: +94779716248
>>>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>>>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>>>
>>>>>>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa
>>>>>>>> <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> I am currently using a local build of IS Server from the latest
>>>>>>>>> code. When I try to get an OAuth Access token via a curl execution I am
>>>>>>>>> getting an error.
>>>>>>>>>
>>>>>>>>> Curl Format used :
>>>>>>>>>
>>>>>>>>>> curl<SPACE>-k<SPACE>-d<SPACE>
>>>>>>>>>> "grant_type=password&username=userName&password=passWord
>>>>>>>>>> &tenantDomain=carbon.super"<SPACE>-H<SPACE>
>>>>>>>>>> "Authorization:Basic<SPACE>Base 64 encoded
>>>>>>>>>> clientID:clientSecret,<SPACE>Content-Type:<SPACE>
>>>>>>>>>> application/x-www-form-urlencoded"<SPACE>https://localhost:9443/oauth2/token
>>>>>>>>>
>>>>>>>>> Actual command :
>>>>>>>>>
>>>>>>>>>> curl -k -d "grant_type=password&username=xxxxx&password=xxxxx&tenantDomain=carbon.super" \
>>>>>>>>>>   -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded" \
>>>>>>>>>>   https://localhost:9443/oauth2/token
>>>>>>>>>
>>>>>>>>> Error :
>>>>>>>>>
>>>>>>>>>> "Error decoding authorization header. Space delimited
>>>>>>>>>> \"<authMethod> <base64Hash>\" format violated."
>>>>>>>>>
>>>>>>>>> Is there an issue with the curl command I am using here?
>>>>>>>>>
>>>>>>>>> Thanks and Regards.
>>>>>>>>> Kamidu Sachith Punchihewa
>>>>>>>>> *Software Engineer*
>>>>>>>>> WSO2, Inc.
>>>>>>>>> lean . enterprise . middleware
>>>>>>>>> Mobile : +94 (0) 770566749
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Malithi Edirisinghe*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc.
>>>>>>
>>>>>> Mobile : +94 (0) 718176807
>>>>>> [email protected]
>>>>>>
>>>>
>>>> --
>>>> Hasintha Indrajee
>>>> Software Engineer
>>>> WSO2, Inc.
>>>> Mobile:+94 771892453
>>>>
>>>
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Senior Software Engineer
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> [email protected]
>>>
>>
>> --
>> Hasintha Indrajee
>> Software Engineer
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>

--
Lakmali Baminiwatta
Senior Software Engineer
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware

mobile: +94 71 2335936
blog : lakmali.com
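
The header format rule discussed in this thread, as an added example in POSIX shell (not code from the thread or from WSO2): it applies the space-delimited `<authMethod> <base64Hash>` check to a correctly built value and to the value that results when a single `-H` carries both headers. The function names and the sample client id and secret are constructed for illustration.

```shell
#!/bin/sh
# Added example (not WSO2 code). Sample credentials are constructed values.

# Build the Authorization header value from a client id and secret.
basic_header_value() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Accept only "<authMethod> <base64Hash>": print the client id and return 0,
# or print the reason on stderr and return 1.
check_authz_value() {
  set -f; set -- $1; set +f      # split the value on whitespace, no globbing
  if [ "$#" -ne 2 ]; then
    echo "format violated: $# space-delimited tokens, expected 2" >&2
    return 1
  fi
  if [ "$1" != "Basic" ]; then
    echo "unsupported auth method: $1" >&2
    return 1
  fi
  if ! _decoded=$(printf '%s' "$2" | base64 -d 2>/dev/null); then
    echo "second token is not valid base64" >&2
    return 1
  fi
  case $_decoded in
    ?*:*) printf '%s\n' "${_decoded%%:*}" ;;
    *)    echo "decoded token is not clientId:clientSecret" >&2; return 1 ;;
  esac
}

good=$(basic_header_value sampleClientId sampleClientSecret)
# Value the server receives when one -H carries both headers, as in the thread:
merged="$good, Content-Type: application/x-www-form-urlencoded"

check_authz_value "$good"              # prints the client id
check_authz_value "$merged" || :       # rejected: four tokens instead of two

# Well-formed request shape: one -H per header (not executed here).
# curl -k -d "grant_type=password&username=admin&password=admin" \
#   -H "Authorization: $good" \
#   -H "Content-Type: application/x-www-form-urlencoded" \
#   https://localhost:9443/oauth2/token
```
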
