Yes, So Thomas's issue should be something different since he has used correct format of a request(Without using user store domain).
@Thomas: Can you login to IS Management console and check secondary user store's users are listing under Users & Roles->List-> Users? Thanks Godwin On Thu, Jan 18, 2018 at 2:05 PM, Sathya Bandara <[email protected]> wrote: > Hi, > > On Thu, Jan 18, 2018 at 12:20 PM, Godwin Shrimal <[email protected]> wrote: > >> Hi Sathya, >> >> Ideally, user should get authenticated even you send without user store >> domain. right? >> > > Yes. user gets authenticated without the user store domain. If the user is > in super tenant domain(carbon.super), we can discard the tenant domain as > well. > >> >> >> Thanks >> Godwin >> >> >> On Thu, Jan 18, 2018 at 1:15 PM, Sathya Bandara <[email protected]> wrote: >> >>> Hi Thomas, >>> >>> Can you try with the following curl command. >>> >>> curl -v -X POST --basic -u <client_id>:<client_secret> -H >>> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d >>> "grant_type=password&username=<userstore_domain>/[email protected]&password=admin" >>> https://localhost:8243/token >>> >>> [1] https://docs.wso2.com/display/AM210/Password+Grant >>> >>> On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND < >>> [email protected]> wrote: >>> >>>> Hello, >>>> >>>> I configured the Identity Server (IS) to be the Key Manager of the API >>>> Manager (APIM). In the IS, I configured a secondary user store where I will >>>> have my users of my applications. But, I think I missed something because >>>> when I want to generate a OAuth token for a user stored in this secondary >>>> user store, I have an error: >>>> >>>> My request: >>>> >>>> curl -k -d "grant_type=password&username=<USR_NAME>&password=<USR_PASSWD>" >>>> -H "Authorization: Basic <BASE64_KEY_SECRET_COUPLE>" >>>> https://apim:8243/token >>>> >>>> The response: >>>> >>>> {"error_description":"Authentication failed for >>>> <USR_NAME>@carbon.super","error":"invalid_grant"}. >>>> >>>> In the application in the store of the APIM, "Password" is ticked so >>>> the grant_type is right. >>>> And I tried with the following pattern for the <USR_NAME>: >>>> - <USR_NAME> >>>> - <DOMAIN>/<USR_NAME> >>>> - <DOMAIN>\<USR_NAME> >>>> >>>> Can you help me? How can I ensure that the APIM uses all of the user >>>> stores from the IS. >>>> >>>> Regards, >>>> >>>> Thomas >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Sathya Bandara >>> Software Engineer >>> WSO2 Inc. http://wso2.com >>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>> >>> <+94%2071%20411%205032> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Godwin Amila Shrimal* >> Associate Technical Lead >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: *+94772264165* >> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ >> <https://www.linkedin.com/in/godwin-amila-2ba26844/>* >> twitter: https://twitter.com/godwinamila >> <http://wso2.com/signature> >> > > > > -- > Sathya Bandara > Software Engineer > WSO2 Inc. http://wso2.com > Mobile: (+94) 715 360 421 <+94%2071%20411%205032> > > <+94%2071%20411%205032> > -- *Godwin Amila Shrimal* Associate Technical Lead WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ <https://www.linkedin.com/in/godwin-amila-2ba26844/>* twitter: https://twitter.com/godwinamila <http://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
