wso2 API Manager “Unsupported Client Authentication Method!”
Question
I am attempting to use the OAuth2 grant_type=password for a token request as described here with the WSO2 API Manager. Using the following curl command.
curl -k -d "grant_type=password&username=<uname>&password=<pwd>&scope=PRODUCTION" http://localhost:8280/token
The response from this request is:
{"error":"invalid_request","error_description":"Missing parameters: client_id"}
Next, I supply my consumer key and the curl request becomes the following:
curl -k -d "grant_type=password&username=<uname>&password=<pwd>&scope=PRODUCTION&client_id=<myconsumerkey>" http://localhost:8280/token
However, the response is baffling:
{"error":"unsupported_client_authentication_method","error_description":"Unsupported Client Authentication Method!"}
So, my question is does the API Man just not support this grant_type? Or, am I doing something incorrectly here? Should I be looking at the identity server for this grant type?
Cheers
1 answers
solution1
0 ACCPTED 2014-01-17 17:26:28
You want to send the client credentials (client key and secret) in HTTP Basic Authorization header. Curl command would be such as following. Here "--user client-Key:client-Secret" has been used to creates the Basic Authorization header using curl command. You can use following command with your values.
curl --user tFVhXORF35S9TTyeaZIH2IEXEw4a:4h6fq4jgRYKrr4v91A_zQgw4Xtoa -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type: application/x-www-form-urlencoded" https://{IP}:{Port}/oauth2/token
Add in to this more, I guess WSO2API does not support to receive client credentials in request body. According to the OAuth 2.0 spec, It is not recommended. Please check here
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.