Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Kavitha Subramaniyam 
It is because the refresh_token you are using is an invalid/ expired as
Lakmali mentioned. Hope this[1] will help for more understanding.

[1] http://tools.ietf.org/html/rfc6749#page-44

Thanks,
Kavitha

On Fri, Mar 11, 2016 at 3:34 PM, Ishara Cooray  wrote:

> Thanks Lakmali.
>
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Fri, Mar 11, 2016 at 3:16 PM, Lakmali Baminiwatta 
> wrote:
>
>> This can happen if you reuse the same refresh token more than once [1].
>> Please check whether you are using the latest refresh token returned or
>> reusing a old one.
>>
>> Thanks,
>> Lakmali
>>
>> On 11 March 2016 at 14:59, Ishara Cooray  wrote:
>>
>>> Thanks Lakmali. It works!
>>>
>>> It works for the password grant type as you have pointed out.
>>> But for refresh_token grant type i get Provided Authorization Grant is
>>> invalid error.
>>>
>>>  curl -k -d
>>> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
>>> -H "Authorization: Basic
>>> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh"
>>> -H "Content-Type: application/x-www-form-urlencoded"
>>> https://api.cloudstaging.wso2.com:8243/token
>>> {"error":"invalid_grant","error_description":"Provided Authorization
>>> Grant is invalid"}
>>>
>>> is there something to change here?
>>>
>>>
>>>
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> On Fri, Mar 11, 2016 at 2:30 PM, Lakmali Baminiwatta 
>>> wrote:
>>>
 Hi Ishara,

 On 11 March 2016 at 14:27, Ishara Cooray  wrote:

> Hi Malithi/Pushpalanka,
>
> I tried renewing access token by invoking TokenAPi. Below is my CURL.
>
> curl  -d
> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
> -H "Authorization:Basic
> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
> Content-Type: application/x-www-form-urlencoded"
> https://api.cloudstaging.wso2.com:8243/token -v
>

  Headers should be sent separately as given in [1]

 [1] https://wso2.org/jira/browse/APIMANAGER-4452

 Thanks,
 Lakmali

> I get Authentication failed error from the above command and Error
> Error decoding authorization header. Space delimited "
> " format violated. was observed in the keymanager console 
> where
> we have APIM 1.10.0
> {"error":"invalid_client","error_description":"Client Authentication
> failed."}
>
> Followed the doc [1]. What could have went wrong?
>
> If i use the curl --user Client_Id:Client_Secret as pushpalanka
> suggested i get
> {"error":"invalid_grant","error_description":"Provided Authorization
> Grant is invalid"}
>
>
> Console Log:
>
>  ERROR
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
> Error while extracting credentials from authorization header
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
> Error decoding authorization header. Space delimited "
> " format violated.
> at
> org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
> at
> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
> at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Ishara Cooray 
Thanks Lakmali.

Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Fri, Mar 11, 2016 at 3:16 PM, Lakmali Baminiwatta 
wrote:

> This can happen if you reuse the same refresh token more than once [1].
> Please check whether you are using the latest refresh token returned or
> reusing a old one.
>
> Thanks,
> Lakmali
>
> On 11 March 2016 at 14:59, Ishara Cooray  wrote:
>
>> Thanks Lakmali. It works!
>>
>> It works for the password grant type as you have pointed out.
>> But for refresh_token grant type i get Provided Authorization Grant is
>> invalid error.
>>
>>  curl -k -d
>> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
>> -H "Authorization: Basic
>> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh"
>> -H "Content-Type: application/x-www-form-urlencoded"
>> https://api.cloudstaging.wso2.com:8243/token
>> {"error":"invalid_grant","error_description":"Provided Authorization
>> Grant is invalid"}
>>
>> is there something to change here?
>>
>>
>>
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Fri, Mar 11, 2016 at 2:30 PM, Lakmali Baminiwatta 
>> wrote:
>>
>>> Hi Ishara,
>>>
>>> On 11 March 2016 at 14:27, Ishara Cooray  wrote:
>>>
 Hi Malithi/Pushpalanka,

 I tried renewing access token by invoking TokenAPi. Below is my CURL.

 curl  -d
 "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
 -H "Authorization:Basic
 bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
 Content-Type: application/x-www-form-urlencoded"
 https://api.cloudstaging.wso2.com:8243/token -v

>>>
>>>  Headers should be sent separately as given in [1]
>>>
>>> [1] https://wso2.org/jira/browse/APIMANAGER-4452
>>>
>>> Thanks,
>>> Lakmali
>>>
 I get Authentication failed error from the above command and Error
 Error decoding authorization header. Space delimited "
 " format violated. was observed in the keymanager console where
 we have APIM 1.10.0
 {"error":"invalid_client","error_description":"Client Authentication
 failed."}

 Followed the doc [1]. What could have went wrong?

 If i use the curl --user Client_Id:Client_Secret as pushpalanka
 suggested i get
 {"error":"invalid_grant","error_description":"Provided Authorization
 Grant is invalid"}


 Console Log:

  ERROR
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 Error while extracting credentials from authorization header
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
 org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
 Error decoding authorization header. Space delimited "
 " format violated.
 at
 org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
 at
 org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
 at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at
 org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
 at
 org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
 at
 org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
 at
 org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
 at
 org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
 at
 org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at
 org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
 at
 org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
 at
 org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
 at
 org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
 at
 org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
 at
 org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
 at
 org.apache.cxf.transport.servlet.AbstractHTTPServle

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Lakmali Baminiwatta 
This can happen if you reuse the same refresh token more than once [1].
Please check whether you are using the latest refresh token returned or
reusing a old one.

Thanks,
Lakmali

On 11 March 2016 at 14:59, Ishara Cooray  wrote:

> Thanks Lakmali. It works!
>
> It works for the password grant type as you have pointed out.
> But for refresh_token grant type i get Provided Authorization Grant is
> invalid error.
>
>  curl -k -d
> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
> -H "Authorization: Basic
> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh"
> -H "Content-Type: application/x-www-form-urlencoded"
> https://api.cloudstaging.wso2.com:8243/token
> {"error":"invalid_grant","error_description":"Provided Authorization Grant
> is invalid"}
>
> is there something to change here?
>
>
>
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Fri, Mar 11, 2016 at 2:30 PM, Lakmali Baminiwatta 
> wrote:
>
>> Hi Ishara,
>>
>> On 11 March 2016 at 14:27, Ishara Cooray  wrote:
>>
>>> Hi Malithi/Pushpalanka,
>>>
>>> I tried renewing access token by invoking TokenAPi. Below is my CURL.
>>>
>>> curl  -d
>>> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
>>> -H "Authorization:Basic
>>> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
>>> Content-Type: application/x-www-form-urlencoded"
>>> https://api.cloudstaging.wso2.com:8243/token -v
>>>
>>
>>  Headers should be sent separately as given in [1]
>>
>> [1] https://wso2.org/jira/browse/APIMANAGER-4452
>>
>> Thanks,
>> Lakmali
>>
>>> I get Authentication failed error from the above command and Error Error
>>> decoding authorization header. Space delimited " "
>>> format violated. was observed in the keymanager console where we have APIM
>>> 1.10.0
>>> {"error":"invalid_client","error_description":"Client Authentication
>>> failed."}
>>>
>>> Followed the doc [1]. What could have went wrong?
>>>
>>> If i use the curl --user Client_Id:Client_Secret as pushpalanka
>>> suggested i get
>>> {"error":"invalid_grant","error_description":"Provided Authorization
>>> Grant is invalid"}
>>>
>>>
>>> Console Log:
>>>
>>>  ERROR
>>> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>>> Error while extracting credentials from authorization header
>>> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
>>> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
>>> Error decoding authorization header. Space delimited "
>>> " format violated.
>>> at
>>> org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
>>> at
>>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
>>> at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at
>>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
>>> at
>>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>>> at
>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>>> at
>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>>> at
>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>> at
>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>> at
>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
>>> at
>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>> at
>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>> at
>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>> at
>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>> at
>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
>>> at
>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>>> at
>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Ishara Cooray 
Thanks Lakmali. It works!

It works for the password grant type as you have pointed out.
But for refresh_token grant type i get Provided Authorization Grant is
invalid error.

 curl -k -d
"grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
-H "Authorization: Basic
bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh"
-H "Content-Type: application/x-www-form-urlencoded"
https://api.cloudstaging.wso2.com:8243/token
{"error":"invalid_grant","error_description":"Provided Authorization Grant
is invalid"}

is there something to change here?



Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Fri, Mar 11, 2016 at 2:30 PM, Lakmali Baminiwatta 
wrote:

> Hi Ishara,
>
> On 11 March 2016 at 14:27, Ishara Cooray  wrote:
>
>> Hi Malithi/Pushpalanka,
>>
>> I tried renewing access token by invoking TokenAPi. Below is my CURL.
>>
>> curl  -d
>> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
>> -H "Authorization:Basic
>> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
>> Content-Type: application/x-www-form-urlencoded"
>> https://api.cloudstaging.wso2.com:8243/token -v
>>
>
>  Headers should be sent separately as given in [1]
>
> [1] https://wso2.org/jira/browse/APIMANAGER-4452
>
> Thanks,
> Lakmali
>
>> I get Authentication failed error from the above command and Error Error
>> decoding authorization header. Space delimited " "
>> format violated. was observed in the keymanager console where we have APIM
>> 1.10.0
>> {"error":"invalid_client","error_description":"Client Authentication
>> failed."}
>>
>> Followed the doc [1]. What could have went wrong?
>>
>> If i use the curl --user Client_Id:Client_Secret as pushpalanka suggested
>> i get
>> {"error":"invalid_grant","error_description":"Provided Authorization
>> Grant is invalid"}
>>
>>
>> Console Log:
>>
>>  ERROR
>> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>> Error while extracting credentials from authorization header
>> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
>> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
>> Error decoding authorization header. Space delimited "
>> " format violated.
>> at
>> org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
>> at
>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
>> at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
>> at
>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>> at
>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>> at
>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>> at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>> at
>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>> at
>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
>> at
>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>> at
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>> at
>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>> at
>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>> at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
>> at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>> at
>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Lakmali Baminiwatta 
Hi Ishara,

On 11 March 2016 at 14:27, Ishara Cooray  wrote:

> Hi Malithi/Pushpalanka,
>
> I tried renewing access token by invoking TokenAPi. Below is my CURL.
>
> curl  -d
> "grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
> -H "Authorization:Basic
> bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
> Content-Type: application/x-www-form-urlencoded"
> https://api.cloudstaging.wso2.com:8243/token -v
>

 Headers should be sent separately as given in [1]

[1] https://wso2.org/jira/browse/APIMANAGER-4452

Thanks,
Lakmali

> I get Authentication failed error from the above command and Error Error
> decoding authorization header. Space delimited " "
> format violated. was observed in the keymanager console where we have APIM
> 1.10.0
> {"error":"invalid_client","error_description":"Client Authentication
> failed."}
>
> Followed the doc [1]. What could have went wrong?
>
> If i use the curl --user Client_Id:Client_Secret as pushpalanka suggested
> i get
> {"error":"invalid_grant","error_description":"Provided Authorization Grant
> is invalid"}
>
>
> Console Log:
>
>  ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
> -  Error while extracting credentials from authorization header
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
> org.wso2.carbon.identity.oauth.common.exception.OAuthClientException:
> Error decoding authorization header. Space delimited "
> " format violated.
> at
> org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
> at
> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
> at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
> org.apache.catalina.authenticator.Authenticato

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2016-03-11 Thread Ishara Cooray 
Hi Malithi/Pushpalanka,

I tried renewing access token by invoking TokenAPi. Below is my CURL.

curl  -d
"grant_type=refresh_token&refresh_token=87c4145a25f2e72d6d51edce3362f382&scope=PRODUCTION"
-H "Authorization:Basic
bTlKZ2dkaXhGOGs3Y09jS1lLcW5ZQU16Q2lBYTphS19meWRraVlmS3k3VXlicEZkMU53eF81WkFh,
Content-Type: application/x-www-form-urlencoded"
https://api.cloudstaging.wso2.com:8243/token -v

I get Authentication failed error from the above command and Error Error
decoding authorization header. Space delimited " "
format violated. was observed in the keymanager console where we have APIM
1.10.0
{"error":"invalid_client","error_description":"Client Authentication
failed."}

Followed the doc [1]. What could have went wrong?

If i use the curl --user Client_Id:Client_Secret as pushpalanka suggested i
get
{"error":"invalid_grant","error_description":"Provided Authorization Grant
is invalid"}


Console Log:

 ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
-  Error while extracting credentials from authorization header
{org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
org.wso2.carbon.identity.oauth.common.exception.OAuthClientException: Error
decoding authorization header. Space delimited " "
format violated.
at
org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.extractCredentialsFromAuthzHeader(EndpointUtil.java:152)
at
org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:82)
at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invok

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Hasintha Indrajee 
We have the same logic in few places to extract authorization header (Not
only in Oauth).

On Wed, Oct 7, 2015 at 10:59 PM, Malithi Edirisinghe 
wrote:

> Hi Hasintha,
>
> I don't see any usecase for using multiple authorization header values
> here. This is used for OAuth Client Authentication [1]. There we don't have
> multiple client credentials right.
>
> [1] https://tools.ietf.org/html/rfc6749#section-2.3
>
> On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee 
> wrote:
>
>> Hi Malithi,
>>
>> What happens if we include multiple authorization header values in the
>> same header ? As [1] says we can use comma separated values for the same
>> header values. Is there a valid use case where we can use two authorization
>> header values ?. If so we need to handle this within the logic you stated.
>>
>> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>
>> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa 
>> wrote:
>>
>>> @Malithi,
>>> Thank you very much for the detailed explanation.Yes when i was
>>> debugging the method extract* "Authorization:Basic xx" -H
>>> "Content-Type: application/x-www-form-urlencoded"* and then split
>>> it.thanks again for the explanation.
>>>
>>> Cheers.
>>>
>>> Kamidu Sachith Punchihewa
>>> *Software Engineer*
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>>
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s.
>>> If you are not the intended recipient/s, or believe that you may have
>>> received this communication in error, please reply to the sender indicating
>>> that fact and delete the copy you received and in addition, you should not
>>> print, copy, retransmit, disseminate, or otherwise use the information
>>> contained in this communication. Internet communications cannot be
>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>> accept liability for any errors or omissions.
>>>
>>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe 
>>> wrote:
>>>
 Hi Sachith,

 Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects
 the value of the 'Authorization' header. Please refer [1]. Here the value
 of the 'Authorization' header is passed to the method which is directly
 taken from the servlet request.
 And when decoding the header it expects the value to be in
 ' ' format.

 So actually what's wrong here is the curl you have posted. It should be
 like below.

 curl -k -d "grant_type=password&username=admin&password=admin" -H
 "Authorization:Basic xx" -H "Content-Type:
 application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

 So this adds the two headers properly.
 In your case the value of the 'Authorization' header is 'Basic
 xx, Content-Type:
 application/x-www-form-urlencoded' which is not in the expected format.
 That's why you see the error 'Error decoding authorization header.
 Space delimited \" \" format violated.'

 Further, if you try out the curl command that Pushpalanka has posted
 you will note that it works.

 [1]
 https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86

 Thanks,
 Malithi.


 On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa 
 wrote:

> Hi All,
>
> @Pushpalanka I used that then it gives me an error indicating "Client
> Authentication failed".
>
> This issues was not there in the IS 5.0.0. I did a debugging and found
> the issue. I have send a pull request regarding this.
>
> Thanks and Regards.
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender 
> indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <
> la...@wso2.com> wrote:
>
>> Hi,
>>
>> Optionally, can you try with below command format and check,

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Malithi Edirisinghe 
Hi Hasintha,

I don't see any usecase for using multiple authorization header values
here. This is used for OAuth Client Authentication [1]. There we don't have
multiple client credentials right.

[1] https://tools.ietf.org/html/rfc6749#section-2.3

On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee 
wrote:

> Hi Malithi,
>
> What happens if we include multiple authorization header values in the
> same header ? As [1] says we can use comma separated values for the same
> header values. Is there a valid use case where we can use two authorization
> header values ?. If so we need to handle this within the logic you stated.
>
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>
> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa 
> wrote:
>
>> @Malithi,
>> Thank you very much for the detailed explanation.Yes when i was debugging
>> the method extract* "Authorization:Basic xx" -H
>> "Content-Type: application/x-www-form-urlencoded"* and then split
>> it.thanks again for the explanation.
>>
>> Cheers.
>>
>> Kamidu Sachith Punchihewa
>> *Software Engineer*
>> WSO2, Inc.
>> lean . enterprise . middleware
>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>
>>
>> Disclaimer: This communication may contain privileged or other
>> confidential information and is intended exclusively for the addressee/s.
>> If you are not the intended recipient/s, or believe that you may have
>> received this communication in error, please reply to the sender indicating
>> that fact and delete the copy you received and in addition, you should not
>> print, copy, retransmit, disseminate, or otherwise use the information
>> contained in this communication. Internet communications cannot be
>> guaranteed to be timely, secure, error or virus-free. The sender does not
>> accept liability for any errors or omissions.
>>
>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe 
>> wrote:
>>
>>> Hi Sachith,
>>>
>>> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects the
>>> value of the 'Authorization' header. Please refer [1]. Here the value of
>>> the 'Authorization' header is passed to the method which is directly taken
>>> from the servlet request.
>>> And when decoding the header it expects the value to be in '
>>> ' format.
>>>
>>> So actually what's wrong here is the curl you have posted. It should be
>>> like below.
>>>
>>> curl -k -d "grant_type=password&username=admin&password=admin" -H
>>> "Authorization:Basic xx" -H "Content-Type:
>>> application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>
>>> So this adds the two headers properly.
>>> In your case the value of the 'Authorization' header is 'Basic
>>> xx, Content-Type:
>>> application/x-www-form-urlencoded' which is not in the expected format.
>>> That's why you see the error 'Error decoding authorization header. Space
>>> delimited \" \" format violated.'
>>>
>>> Further, if you try out the curl command that Pushpalanka has posted you
>>> will note that it works.
>>>
>>> [1]
>>> https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>>
>>> Thanks,
>>> Malithi.
>>>
>>>
>>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa 
>>> wrote:
>>>
 Hi All,

 @Pushpalanka I used that then it gives me an error indicating "Client
 Authentication failed".

 This issues was not there in the IS 5.0.0. I did a debugging and found
 the issue. I have send a pull request regarding this.

 Thanks and Regards.
 Kamidu Sachith Punchihewa
 *Software Engineer*
 WSO2, Inc.
 lean . enterprise . middleware
 Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>


 Disclaimer: This communication may contain privileged or other
 confidential information and is intended exclusively for the addressee/s.
 If you are not the intended recipient/s, or believe that you may have
 received this communication in error, please reply to the sender indicating
 that fact and delete the copy you received and in addition, you should not
 print, copy, retransmit, disseminate, or otherwise use the information
 contained in this communication. Internet communications cannot be
 guaranteed to be timely, secure, error or virus-free. The sender does not
 accept liability for any errors or omissions.

 On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <
 la...@wso2.com> wrote:

> Hi,
>
> Optionally, can you try with below command format and check,
>
> curl --user Client_Id:Client_Secret  -k -d
> "grant_type=password&username=admin&password=admin" -H
> "Content-Type:application/x-www-form-urlencoded"
> https://localhost:9443/oauth2/token
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawa

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Hasintha Indrajee 
Hi Malithi,

What happens if we include multiple authorization header values in the same
header ? As [1] says we can use comma separated values for the same header
values. Is there a valid use case where we can use two authorization header
values ?. If so we need to handle this within the logic you stated.

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa 
wrote:

> @Malithi,
> Thank you very much for the detailed explanation.Yes when i was debugging
> the method extract* "Authorization:Basic xx" -H
> "Content-Type: application/x-www-form-urlencoded"* and then split
> it.thanks again for the explanation.
>
> Cheers.
>
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe 
> wrote:
>
>> Hi Sachith,
>>
>> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects the
>> value of the 'Authorization' header. Please refer [1]. Here the value of
>> the 'Authorization' header is passed to the method which is directly taken
>> from the servlet request.
>> And when decoding the header it expects the value to be in '
>> ' format.
>>
>> So actually what's wrong here is the curl you have posted. It should be
>> like below.
>>
>> curl -k -d "grant_type=password&username=admin&password=admin" -H
>> "Authorization:Basic xx" -H "Content-Type:
>> application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>
>> So this adds the two headers properly.
>> In your case the value of the 'Authorization' header is 'Basic
>> xx, Content-Type:
>> application/x-www-form-urlencoded' which is not in the expected format.
>> That's why you see the error 'Error decoding authorization header. Space
>> delimited \" \" format violated.'
>>
>> Further, if you try out the curl command that Pushpalanka has posted you
>> will note that it works.
>>
>> [1]
>> https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>
>> Thanks,
>> Malithi.
>>
>>
>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa 
>> wrote:
>>
>>> Hi All,
>>>
>>> @Pushpalanka I used that then it gives me an error indicating "Client
>>> Authentication failed".
>>>
>>> This issues was not there in the IS 5.0.0. I did a debugging and found
>>> the issue. I have send a pull request regarding this.
>>>
>>> Thanks and Regards.
>>> Kamidu Sachith Punchihewa
>>> *Software Engineer*
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>>
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s.
>>> If you are not the intended recipient/s, or believe that you may have
>>> received this communication in error, please reply to the sender indicating
>>> that fact and delete the copy you received and in addition, you should not
>>> print, copy, retransmit, disseminate, or otherwise use the information
>>> contained in this communication. Internet communications cannot be
>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>> accept liability for any errors or omissions.
>>>
>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana >> > wrote:
>>>
 Hi,

 Optionally, can you try with below command format and check,

 curl --user Client_Id:Client_Secret  -k -d
 "grant_type=password&username=admin&password=admin" -H
 "Content-Type:application/x-www-form-urlencoded"
 https://localhost:9443/oauth2/token

 Thanks,
 Pushpalanka.
 --
 Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
 Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
 Mobile: +94779716248
 Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
 lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


 On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa 
 wrote:

> Hi,
> I am currently using a locally build of IS Server from the latest
> code.When i try to get a OAuth Access token via a cu

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Sachith Punchihewa 
@Malithi,
Thank you very much for the detailed explanation.Yes when i was debugging
the method extract* "Authorization:Basic xx" -H "Content-Type:
application/x-www-form-urlencoded"* and then split it.thanks again for the
explanation.

Cheers.

Kamidu Sachith Punchihewa
*Software Engineer*
WSO2, Inc.
lean . enterprise . middleware
Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>


Disclaimer: This communication may contain privileged or other confidential
information and is intended exclusively for the addressee/s. If you are not
the intended recipient/s, or believe that you may have received this
communication in error, please reply to the sender indicating that fact and
delete the copy you received and in addition, you should not print, copy,
retransmit, disseminate, or otherwise use the information contained in this
communication. Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability for any
errors or omissions.

On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe 
wrote:

> Hi Sachith,
>
> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects the
> value of the 'Authorization' header. Please refer [1]. Here the value of
> the 'Authorization' header is passed to the method which is directly taken
> from the servlet request.
> And when decoding the header it expects the value to be in '
> ' format.
>
> So actually what's wrong here is the curl you have posted. It should be
> like below.
>
> curl -k -d "grant_type=password&username=admin&password=admin" -H
> "Authorization:Basic xx" -H "Content-Type:
> application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>
> So this adds the two headers properly.
> In your case the value of the 'Authorization' header is 'Basic
> xx, Content-Type:
> application/x-www-form-urlencoded' which is not in the expected format.
> That's why you see the error 'Error decoding authorization header. Space
> delimited \" \" format violated.'
>
> Further, if you try out the curl command that Pushpalanka has posted you
> will note that it works.
>
> [1]
> https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>
> Thanks,
> Malithi.
>
>
> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa 
> wrote:
>
>> Hi All,
>>
>> @Pushpalanka I used that then it gives me an error indicating "Client
>> Authentication failed".
>>
>> This issues was not there in the IS 5.0.0. I did a debugging and found
>> the issue. I have send a pull request regarding this.
>>
>> Thanks and Regards.
>> Kamidu Sachith Punchihewa
>> *Software Engineer*
>> WSO2, Inc.
>> lean . enterprise . middleware
>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>
>>
>> Disclaimer: This communication may contain privileged or other
>> confidential information and is intended exclusively for the addressee/s.
>> If you are not the intended recipient/s, or believe that you may have
>> received this communication in error, please reply to the sender indicating
>> that fact and delete the copy you received and in addition, you should not
>> print, copy, retransmit, disseminate, or otherwise use the information
>> contained in this communication. Internet communications cannot be
>> guaranteed to be timely, secure, error or virus-free. The sender does not
>> accept liability for any errors or omissions.
>>
>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana 
>> wrote:
>>
>>> Hi,
>>>
>>> Optionally, can you try with below command format and check,
>>>
>>> curl --user Client_Id:Client_Secret  -k -d
>>> "grant_type=password&username=admin&password=admin" -H
>>> "Content-Type:application/x-www-form-urlencoded"
>>> https://localhost:9443/oauth2/token
>>>
>>> Thanks,
>>> Pushpalanka.
>>> --
>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>> Mobile: +94779716248
>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>
>>>
>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa 
>>> wrote:
>>>
 Hi,
 I am currently using a locally build of IS Server from the latest
 code.When i try to get a OAuth Access token via a curl execution i am
 getting an error.

 Curl Format used :

 *curl-k-d***
> *"grant_type=password&username=userNamepasswork&=**passWord*
> *&tenantDomain=carbon.super"-H***
> *"Authorization:BasicBase 64 encoded
> clientID:clientSecret,Content-Type:***
> *application/x-www-form-urlencoded"https://localhost:9443/oauth2/token
> *


 Actual command :

 curl -k -d
> "grant_type=password&username=x&password=x&tenantDomain=carbon.super"

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Malithi Edirisinghe 
Hi Sachith,

Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects the
value of the 'Authorization' header. Please refer [1]. Here the value of
the 'Authorization' header is passed to the method which is directly taken
from the servlet request.
And when decoding the header it expects the value to be in '
' format.

So actually what's wrong here is the curl you have posted. It should be
like below.

curl -k -d "grant_type=password&username=admin&password=admin" -H
"Authorization:Basic xx" -H "Content-Type:
application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

So this adds the two headers properly.
In your case the value of the 'Authorization' header is 'Basic
xx, Content-Type:
application/x-www-form-urlencoded' which is not in the expected format.
That's why you see the error 'Error decoding authorization header. Space
delimited \" \" format violated.'

Further, if you try out the curl command that Pushpalanka has posted you
will note that it works.

[1]
https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86

Thanks,
Malithi.


On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa 
wrote:

> Hi All,
>
> @Pushpalanka I used that then it gives me an error indicating "Client
> Authentication failed".
>
> This issues was not there in the IS 5.0.0. I did a debugging and found the
> issue. I have send a pull request regarding this.
>
> Thanks and Regards.
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana 
> wrote:
>
>> Hi,
>>
>> Optionally, can you try with below command format and check,
>>
>> curl --user Client_Id:Client_Secret  -k -d
>> "grant_type=password&username=admin&password=admin" -H
>> "Content-Type:application/x-www-form-urlencoded"
>> https://localhost:9443/oauth2/token
>>
>> Thanks,
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>>
>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa 
>> wrote:
>>
>>> Hi,
>>> I am currently using a locally build of IS Server from the latest
>>> code.When i try to get a OAuth Access token via a curl execution i am
>>> getting an error.
>>>
>>> Curl Format used :
>>>
>>> *curl-k-d***
 *"grant_type=password&username=userNamepasswork&=**passWord*
 *&tenantDomain=carbon.super"-H***
 *"Authorization:BasicBase 64 encoded clientID:clientSecret,*
 ***Content-Type:application/x-www-form-urlencoded"*
 ***https://localhost:9443/oauth2/token
 *
>>>
>>>
>>> Actual command :
>>>
>>> curl -k -d
 "grant_type=password&username=x&password=x&tenantDomain=carbon.super"
 -H "Authorization: Basic xx,
 Content-Type: application/x-www-form-urlencoded"
 https://localhost:9443/oauth2/token
>>>
>>>
>>> Error :
>>>
>>> "Error decoding authorization header. Space delimited \"
 \" format violated."
>>>
>>>
>>>
>>> Is there is a issue with the curl command i am using here ?
>>>
>>> Thanks and Regards.
>>> Kamidu Sachith Punchihewa
>>> *Software Engineer*
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>>
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s.
>>> If you are not the intended recipient/s, or believe that you may have
>>> received this communication in error, please reply to the sender indicating
>>> that fact and delete the copy you received and in addition, you should not
>>> print, copy, retransmit, disseminate, or otherwise use the information
>>> contained in this communication. Internet communications cannot be
>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>> accept liability for any errors or omissions.
>>>
>>> _

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Sachith Punchihewa 
Hi All,

@Pushpalanka I used that then it gives me an error indicating "Client
Authentication failed".

This issues was not there in the IS 5.0.0. I did a debugging and found the
issue. I have send a pull request regarding this.

Thanks and Regards.
Kamidu Sachith Punchihewa
*Software Engineer*
WSO2, Inc.
lean . enterprise . middleware
Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>


Disclaimer: This communication may contain privileged or other confidential
information and is intended exclusively for the addressee/s. If you are not
the intended recipient/s, or believe that you may have received this
communication in error, please reply to the sender indicating that fact and
delete the copy you received and in addition, you should not print, copy,
retransmit, disseminate, or otherwise use the information contained in this
communication. Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability for any
errors or omissions.

On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana 
wrote:

> Hi,
>
> Optionally, can you try with below command format and check,
>
> curl --user Client_Id:Client_Secret  -k -d
> "grant_type=password&username=admin&password=admin" -H
> "Content-Type:application/x-www-form-urlencoded"
> https://localhost:9443/oauth2/token
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa 
> wrote:
>
>> Hi,
>> I am currently using a locally build of IS Server from the latest
>> code.When i try to get a OAuth Access token via a curl execution i am
>> getting an error.
>>
>> Curl Format used :
>>
>> *curl-k-d***
>>> *"grant_type=password&username=userNamepasswork&=**passWord*
>>> *&tenantDomain=carbon.super"-H***
>>> *"Authorization:BasicBase 64 encoded clientID:clientSecret,*
>>> ***Content-Type:application/x-www-form-urlencoded"*
>>> ***https://localhost:9443/oauth2/token
>>> *
>>
>>
>> Actual command :
>>
>> curl -k -d
>>> "grant_type=password&username=x&password=x&tenantDomain=carbon.super"
>>> -H "Authorization: Basic xx,
>>> Content-Type: application/x-www-form-urlencoded"
>>> https://localhost:9443/oauth2/token
>>
>>
>> Error :
>>
>> "Error decoding authorization header. Space delimited \"
>>> \" format violated."
>>
>>
>>
>> Is there is a issue with the curl command i am using here ?
>>
>> Thanks and Regards.
>> Kamidu Sachith Punchihewa
>> *Software Engineer*
>> WSO2, Inc.
>> lean . enterprise . middleware
>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>>
>>
>> Disclaimer: This communication may contain privileged or other
>> confidential information and is intended exclusively for the addressee/s.
>> If you are not the intended recipient/s, or believe that you may have
>> received this communication in error, please reply to the sender indicating
>> that fact and delete the copy you received and in addition, you should not
>> print, copy, retransmit, disseminate, or otherwise use the information
>> contained in this communication. Internet communications cannot be
>> guaranteed to be timely, secure, error or virus-free. The sender does not
>> accept liability for any errors or omissions.
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Pushpalanka Jayawardhana 
Hi,

Optionally, can you try with below command format and check,

curl --user Client_Id:Client_Secret  -k -d
"grant_type=password&username=admin&password=admin" -H
"Content-Type:application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa 
wrote:

> Hi,
> I am currently using a locally build of IS Server from the latest
> code.When i try to get a OAuth Access token via a curl execution i am
> getting an error.
>
> Curl Format used :
>
> *curl-k-d***
>> *"grant_type=password&username=userNamepasswork&=**passWord*
>> *&tenantDomain=carbon.super"-H"Authorization:Basic*
>> ***Base 64 encoded clientID:clientSecret,Content-Type:*
>> ***application/x-www-form-urlencoded"https://localhost:9443/oauth2/token
>> *
>
>
> Actual command :
>
> curl -k -d
>> "grant_type=password&username=x&password=x&tenantDomain=carbon.super"
>> -H "Authorization: Basic xx,
>> Content-Type: application/x-www-form-urlencoded"
>> https://localhost:9443/oauth2/token
>
>
> Error :
>
> "Error decoding authorization header. Space delimited \"
>> \" format violated."
>
>
>
> Is there is a issue with the curl command i am using here ?
>
> Thanks and Regards.
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev