
OAuth Generate Access Token Fails - In Case of External Authorization

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="GenerateAccessToken">
    <DisplayName>GenerateAccessToken</DisplayName>
    <ExternalAuthorization>true</ExternalAuthorization>
    <ExternalAccessToken>request.queryparam.external_access_token</ExternalAccessToken>
    <StoreToken>true</StoreToken>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GrantType>request.queryparam.grant_type</GrantType>
    <GenerateResponse enabled="true"/>
</OAuthV2>

I have set "oauth_external_authorization_status" to true, and trace confirms the same. The above policy fails to generate an access token and ends up with the error below.

{"ErrorCode" : "invalid_client", "Error" :"Client identifier is required"}

Not sure what I am missing here... Is it a bug in the platform? Client credentials flow works perfectly fine with the same request... The password grant type with external authorization fails to generate an access token.

1 ACCEPTED SOLUTION

adas
New Member

@Anil Sagar What is the request you are making? You should be doing something like this:

curl -v http://myorg-test.apigee.net/v1/oauthv2/access_to. \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=password&username=hello&password=world&client_id=${key}'

You don't need to specify:

<GrantType>request.queryparam.grant_type</GrantType>

As long as you have the oauth_external_authorization_status set to true and have the ExternalAuthorization set to true in the policy, it should work. A sample policy with externalAuthorization would look like this:

<OAuthV2 name="OauthV2Policy" continueOnError="true">
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
        <GrantType>client_credentials</GrantType>
        <GrantType>authorization_code</GrantType>
        <GrantType>implicit</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse/>
    <ExternalAuthorization>true</ExternalAuthorization>
</OAuthV2>
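A pre-flight check that compares a policy and a token request against the points made in the answer above. This is an added example, not code from the thread or from Apigee. The function names, the finding messages and the sample request are assumptions made for illustration, and the checks encode only what the answer states, not verified platform behaviour.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Form fields used in the answer's sample curl request.
REQUIRED_FORM_FIELDS = ("grant_type", "username", "password", "client_id")

def check_policy(policy_xml):
    """Return findings for an OAuthV2 policy, using the conditions the answer names."""
    root = ET.fromstring(policy_xml.strip())
    findings = []
    if (root.findtext("ExternalAuthorization") or "").strip().lower() != "true":
        findings.append("ExternalAuthorization is not set to true")
    supported = {(g.text or "").strip() for g in root.findall("SupportedGrantTypes/GrantType")}
    if "password" not in supported:
        findings.append("password is not listed in SupportedGrantTypes")
    override = (root.findtext("GrantType") or "").strip()  # direct child only
    if override:
        findings.append("GrantType override '%s' is not needed" % override)
    return findings

def check_request(content_type, form_body, query_string=""):
    """Return findings for a token request compared with the answer's curl call."""
    findings = []
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        findings.append("Content-Type is not application/x-www-form-urlencoded")
    form, query = parse_qs(form_body), parse_qs(query_string)
    for field in REQUIRED_FORM_FIELDS:
        if field not in form:
            where = "sent as a query parameter" if field in query else "missing"
            findings.append("%s is %s, expected in the form body" % (field, where))
    return findings

# Policy from the question, abridged to the elements the checks read.
QUESTION_POLICY = """
<OAuthV2 async="false" continueOnError="false" enabled="true" name="GenerateAccessToken">
    <ExternalAuthorization>true</ExternalAuthorization>
    <ExternalAccessToken>request.queryparam.external_access_token</ExternalAccessToken>
    <SupportedGrantTypes><GrantType>password</GrantType></SupportedGrantTypes>
    <GrantType>request.queryparam.grant_type</GrantType>
</OAuthV2>"""

# Constructed request for illustration; the question does not show the real one.
SAMPLE_QUERY = "grant_type=password&external_access_token=abc123"
SAMPLE_BODY = "username=hello&password=world"

if __name__ == "__main__":
    for line in check_policy(QUESTION_POLICY) + check_request(
            "application/x-www-form-urlencoded", SAMPLE_BODY, SAMPLE_QUERY):
        print("-", line)
```
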
