Thank you for the response Leo. I was able to get it working by excluding the authorization header and call like so:
POST to https://auth.peeringdb.com/oauth2/token/
Header: 'Content-Type': 'application/x-www-form-urlencoded'
Body: 'grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=CODE&redirect_uri=CALLBACK_URI'

It seems the system does not like the Basic auth header, nor does it like JSON as the request body.

Hopefully this helps someone in the future.

Thanks,
Justin

From: Leo Vegoda <[email protected]>
Sent: Wednesday, February 22, 2023 11:01 AM
To: Justin Cole <[email protected]>
Subject: Re: [PDB Tech] OAuth client application help requested - cannot authorize with client secret

Hi Justin,

2.44.0 was just deployed to production. It included a fix for OAuth logins that failed when MFA was enabled. It's possible that this has resolved your issue. If not, please let us know.

Release Notes: https://docs.peeringdb.com/release_notes/

Kind regards,

Leo Vegoda
PeeringDB Product Manager

On Feb 15, 2023, at 19:52, Justin Cole <[email protected]> wrote:

Hello,

I'm hoping someone can help me with my OAuth application problem. I have created an OAuth application with authorization-code grant type and entered my redirect uri. I can successfully call the /authorize/ endpoint, log in and receive an authorization code.

However, the subsequent callback to /token/ always returns 401 Unauthorized with response body:
{ "meta": { "error": "Invalid username or password" } }

Call to /token/ looks like:
POST to https://auth.peeringdb.com/oauth2/token/
Header: Authorization: Basic (Base64Encode(CLIENT_ID:CLIENT_SECRET))
Body: { grant_type:'authorization_code', code:'CODE', redirect_uri:'https://localhost:3001/api/auth/callback/peeringdb', client_id:'CLIENT_ID', client_secret:'CLIENT_SECRET' }

I've determined that the problem is the Authorization header value; however, I've verified that the values match the client id/client secret generated from PeeringDB (https://www.peeringdb.com/oauth2/applications/register/) and are correct.

What am I doing wrong? Or is there something I am missing to enable the OAuth application registration from working properly?

Thank you,
Justin

_______________________________________________
Pdb-tech mailing list
[email protected]
https://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech
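The request shape reported as working at the top of this thread, as an added Python example (not code from the thread or from PeeringDB): it builds the form-encoded token request with the client credentials in the body and no Authorization header, and masks the secret and the code before anything is logged. The function names and sample values are assumptions made for illustration.

```python
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.peeringdb.com/oauth2/token/"  # endpoint quoted in the thread


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build (but do not send) the authorization-code exchange request.

    All parameters go in a form-urlencoded body and no Authorization
    header is set, which is the shape reported as working in the thread.
    """
    fields = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # same value that was sent to /authorize/
    }
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def redact_for_log(request):
    """Return the request body with secret-bearing fields masked, for logging."""
    secret_keys = {"client_secret", "code"}
    pairs = urllib.parse.parse_qsl(request.data.decode("ascii"))
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k in secret_keys else v) for k, v in pairs]
    )


if __name__ == "__main__":
    # Constructed sample values; none of these are real credentials.
    req = build_token_request(
        code="SAMPLE_CODE",
        client_id="SAMPLE_CLIENT_ID",
        client_secret="SAMPLE_SECRET",
        redirect_uri="https://localhost:3001/api/auth/callback/peeringdb",
    )
    print(req.get_method(), req.full_url)
    print(redact_for_log(req))
    # To perform the exchange: urllib.request.urlopen(req), then parse the JSON reply.
```

Because the client secret travels in the request body here, log only the output of `redact_for_log`, never the raw body.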
