Thanks Lakmali. It works! It works for the password grant type as you have pointed out. But for the refresh_token grant type I get a "Provided Authorization Grant is invalid" error.
curl -k -d "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION" -H "Authorization: Basic bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh" -H "Content-Type: application/x-www-form-urlencoded" https://api.cloudstaging.wso2.com:8243/token

{"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid"}

Is there something to change here?

Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Fri, Mar 11, 2016 at 2:30 PM, Lakmali Baminiwatta <[email protected]> wrote:
> Hi Ishara,
>
> On 11 March 2016 at 14:27, Ishara Cooray <[email protected]> wrote:
>
>> Hi Malithi/Pushpalanka,
>>
>> I tried renewing the access token by invoking the Token API. Below is my CURL.
>>
>> curl -d "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION" -H "Authorization:Basic bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh, Content-Type: application/x-www-form-urlencoded" https://api.cloudstaging.wso2.com:8243/token -v
>>
>
> Headers should be sent separately as given in [1]
>
> [1] https://wso2.org/jira/browse/APIMANAGER-4452
>
> Thanks,
> Lakmali
>
>> I get an Authentication failed error from the above command, and "Error decoding authorization header. Space delimited "<authMethod> <base64Hash>" format violated." was observed in the keymanager console, where we have APIM 1.10.0:
>> {"error":"invalid_client","error_description":"Client Authentication failed."}
>>
>> Followed the doc [1]. What could have gone wrong?
>>
>> If I use curl --user Client_Id:Client_Secret as Pushpalanka suggested I get
>> {"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid"}
>>
>>
>> Console Log:
>>
>> ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} - Error while extracting credentials from authorization header {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
>> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException: Error decoding authorization header. Space delimited "<authMethod> <base64Hash>" format violated.
>> at org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
>>
>> [1] https://docs.wso2.com/display/APICloud/Token+API
>>
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Wed, Oct 7, 2015 at 11:03 PM, Hasintha Indrajee <[email protected]> wrote:
>>
>>> We have the same logic in a few places to extract the authorization header (not only in OAuth).
>>>
>>> On Wed, Oct 7, 2015 at 10:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>
>>>> Hi Hasintha,
>>>>
>>>> I don't see any use case for using multiple authorization header values here. This is used for OAuth Client Authentication [1]. There we don't have multiple client credentials, right?
>>>>
>>>> [1] https://tools.ietf.org/html/rfc6749#section-2.3
>>>>
>>>> On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee <[email protected]> wrote:
>>>>
>>>>> Hi Malithi,
>>>>>
>>>>> What happens if we include multiple authorization header values in the same header? As [1] says, we can use comma separated values for the same header. Is there a valid use case where we can use two authorization header values? If so we need to handle this within the logic you stated.
>>>>>
>>>>> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>>>>
>>>>> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>
>>>>>> @Malithi,
>>>>>> Thank you very much for the detailed explanation. Yes, when I was debugging the method extract "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" and then split it. Thanks again for the explanation.
>>>>>>
>>>>>> Cheers.
>>>>>>
>>>>>> Kamidu Sachith Punchihewa
>>>>>> Software Engineer
>>>>>> WSO2, Inc.
>>>>>> lean . enterprise . middleware
>>>>>> Mobile : +94 (0) 770566749
>>>>>>
>>>>>> Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
>>>>>>
>>>>>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Sachith,
>>>>>>>
>>>>>>> Here the EndpointUtil.extractCredentialsFromAuthzHeader() method expects the value of the 'Authorization' header. Please refer to [1]. Here the value of the 'Authorization' header, taken directly from the servlet request, is passed to the method.
>>>>>>> And when decoding the header it expects the value to be in '<authMethod> <base64Hash>' format.
>>>>>>>
>>>>>>> So actually what's wrong here is the curl you have posted. It should be like below.
>>>>>>>
>>>>>>> curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>
>>>>>>> So this adds the two headers properly.
>>>>>>> In your case the value of the 'Authorization' header is 'Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded', which is not in the expected format.
>>>>>>> That's why you see the error 'Error decoding authorization header. Space delimited \"<authMethod> <base64Hash>\" format violated.'
>>>>>>>
>>>>>>> Further, if you try out the curl command that Pushpalanka has posted you will note that it works.
>>>>>>>
>>>>>>> [1] https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Malithi.
>>>>>>>
>>>>>>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> @Pushpalanka I used that; then it gives me an error indicating "Client Authentication failed".
>>>>>>>>
>>>>>>>> This issue was not there in IS 5.0.0. I did some debugging and found the issue. I have sent a pull request regarding this.
>>>>>>>>
>>>>>>>> Thanks and Regards.
>>>>>>>> Kamidu Sachith Punchihewa
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.
>>>>>>>> lean . enterprise . middleware
>>>>>>>> Mobile : +94 (0) 770566749
>>>>>>>>
>>>>>>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Optionally, can you try with the below command format and check:
>>>>>>>>>
>>>>>>>>> curl --user Client_Id:Client_Secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Pushpalanka.
>>>>>>>>> --
>>>>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>>>>>>> Mobile: +94779716248
>>>>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>>>>
>>>>>>>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>> I am currently using a local build of IS Server from the latest code. When I try to get an OAuth access token via a curl execution I am getting an error.
>>>>>>>>>>
>>>>>>>>>> Curl Format used :
>>>>>>>>>>
>>>>>>>>>>> curl<SPACE>-k<SPACE>-d<SPACE>"grant_type=password&username=userName&password=passWord&tenantDomain=carbon.super"<SPACE>-H<SPACE>"Authorization:Basic<SPACE>Base 64 encoded clientID:clientSecret,<SPACE>Content-Type:<SPACE>application/x-www-form-urlencoded"<SPACE>https://localhost:9443/oauth2/token
>>>>>>>>>>
>>>>>>>>>> Actual command :
>>>>>>>>>>
>>>>>>>>>>> curl -k -d "grant_type=password&username=xxxxx&password=xxxxx&tenantDomain=carbon.super" -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>>>>
>>>>>>>>>> Error :
>>>>>>>>>>
>>>>>>>>>>> "Error decoding authorization header. Space delimited \"<authMethod> <base64Hash>\" format violated."
>>>>>>>>>>
>>>>>>>>>> Is there an issue with the curl command I am using here?
>>>>>>>>>>
>>>>>>>>>> Thanks and Regards.
>>>>>>>>>> Kamidu Sachith Punchihewa
>>>>>>>>>> Software Engineer
>>>>>>>>>> WSO2, Inc.
>>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>> Mobile : +94 (0) 770566749
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Malithi Edirisinghe
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc.
>>>>>>>
>>>>>>> Mobile : +94 (0) 718176807
>>>>>>> [email protected]
>>>>>>
>>>>>
>>>>> --
>>>>> Hasintha Indrajee
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> Mobile:+94 771892453
>>>>
>>>> --
>>>> Malithi Edirisinghe
>>>> Senior Software Engineer
>>>> WSO2 Inc.
>>>>
>>>> Mobile : +94 (0) 718176807
>>>> [email protected]
>>>
>>> --
>>> Hasintha Indrajee
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile:+94 771892453
>>
>
> --
> Lakmali Baminiwatta
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> lean.enterprise.middleware
> mobile: +94 71 2335936
> blog : lakmali.com
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
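Both sides of the header problem the thread walks through, as an added example that is not WSO2's code: a Python mirror of the '<authMethod> <base64Hash>' rule Malithi quotes (one token for the method, one for the base64 blob, nothing else), beside a builder that produces what the corrected curl sends, with Authorization and Content-Type as separate headers. The client id, secret and refresh token are constructed placeholders; the parser reproduces only the quoted format rule, and nothing here diagnoses the later invalid_grant.

```python
import base64
from urllib.parse import urlencode

# Error text quoted in the thread; the server-side mirror below raises it.
FORMAT_ERROR = ('Error decoding authorization header. '
                'Space delimited "<authMethod> <base64Hash>" format violated.')


def basic_auth_value(client_id: str, client_secret: str) -> str:
    """Client side (RFC 6749 2.3.1): 'Basic ' + base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_credentials(header_value: str) -> tuple:
    """Server side, mirroring the rule quoted in the thread (not WSO2's code):
    exactly two space-separated tokens, '<authMethod> <base64Hash>'. A value
    with ', Content-Type: ...' glued on by a single -H fails this check."""
    parts = header_value.strip().split(" ")
    if len(parts) != 2 or parts[0] != "Basic":
        raise ValueError(FORMAT_ERROR)
    try:
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        raise ValueError(FORMAT_ERROR) from None
    client_id, sep, client_secret = decoded.partition(":")
    if not sep:
        raise ValueError(FORMAT_ERROR)
    return client_id, client_secret


def header_is_well_formed(header_value: str) -> bool:
    """Convenience wrapper: True when extract_credentials accepts the value."""
    try:
        extract_credentials(header_value)
        return True
    except ValueError:
        return False


def token_request_parts(client_id: str, client_secret: str, **grant) -> tuple:
    """What the corrected curl sends: two separate headers plus a
    form-encoded body (password or refresh_token grant parameters)."""
    headers = {"Authorization": basic_auth_value(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(grant).encode("ascii")


if __name__ == "__main__":
    good = basic_auth_value("client", "secret")  # constructed placeholders
    glued = good + ", Content-Type: application/x-www-form-urlencoded"
    print(header_is_well_formed(good), header_is_well_formed(glued))  # True False
    print(token_request_parts("client", "secret", grant_type="refresh_token",
                              refresh_token="REFRESH_TOKEN_PLACEHOLDER"))
```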
