Ballerina Oauth2 authenticated endpoint returning a 406

Question

I am trying to call a 3rd party service that uses Oauth2 Password Credentials to get an authentication token. Ballerina is returning the following messages.

2020-04-23 15:07:35,414 ERROR [ballerina/oauth2] - Received an invalid response with status-code: 406; and payload: {"fault":{"faultstring":"Raising fault. Fault name : RF.Raise-406-Exception","detail":{"errorcode":"steps.raisefault.RaiseFault"}}} 
2020-04-23 15:07:35,418 ERROR [ballerina/oauth2] - Failed to generate OAuth2 token. : error {ballerina/oauth2}Error message=Received an invalid response with status-code: 406; and payload: {"fault":{"faultstring":"Raising fault. Fault name : RF.Raise-406-Exception","detail":{"errorcode":"steps.raisefault.RaiseFault"}}} 
error {ballerina/http}AuthenticationFailed message=Failed to prepare request at bearer auth handler. cause=error {ballerina/auth}Error message=Failed to generate OAuth2 token. cause=error {ballerina/oauth2}Error message=Received an invalid response with status-code: 406; and payload: {"fault":{"faultstring":"Raising fault. Fault name : RF.Raise-406-Exception","detail":{"errorcode":"steps.raisefault.RaiseFault"}}}

It's the 406 code that is confusing me as I have set both the content type & accept headers to "application/json" which is what the service requires. However, the second message says "Failed to generate OAuth2 token" so could it be the call to get the oauth token that is returning the 406? If so how do I set the accept header on the token service call?

Using Ballerina I have called the token endpoint and successfully got a token but if I try to call a service using a PasswordGrantConfig those are the errors I get. I've tried everything I can think of and have successfully got other services using ClientCredentialsGrantConfig to work. Any help gratefully received.

The relevant code is below. The three sections below are parts of the code in 3 different.bal files.

// configure the Oauth2 Config
import ballerina/config;
import ballerina/http;
import ballerina/oauth2;

public function getOauth2Handler() returns http:BearerAuthHandler {
    oauth2:PasswordGrantConfig passwordGrantConfig = {
        tokenUrl: config:getAsString("experian.authentication.tokenUrl"),
        username: config:getAsString("experian.authentication.username"),
        password: config:getAsString("experian.authentication.password"),
        clientId: config:getAsString("experian.authentication.clientId"),
        clientSecret: config:getAsString("experian.authentication.clientSecret"),
        credentialBearer: http:AUTH_HEADER_BEARER
    };
    oauth2:OutboundOAuth2Provider oauth2Provider = new (passwordGrantConfig);
    return new (oauth2Provider);
}

// Configure the API Client
http:ClientConfiguration delphiSelectClientConfig = {
    auth: {
        authHandler: experian:getOauth2Handler()
    }
};

experian:DelphiSelectClientConfig delphiSelectConfig = {
    serviceUrl: config:getAsString("experian.services.delphi-select.serviceUrl"),
    clientConfig: delphiSelectClientConfig
};

experian:DelphiSelectClient delphiSelectClient = new (delphiSelectConfig);

// Call the endpoint using the Oath2 configuration
import ballerina/http;
import ballerina/io;

public type DelphiSelectClientConfig record {
    string serviceUrl;
    http:ClientConfiguration clientConfig;
};

//==============================
//============Client============
//==============================

public type DelphiSelectClient client object {
    public http:Client clientEp;
    public http:ClientConfiguration config;

    public function __init(DelphiSelectClientConfig config) {
        http:Client httpEp = new (config.serviceUrl, {auth: config.clientConfig.auth});
        self.clientEp = httpEp;
        self.config = config.clientConfig;
    }

    public remote function newApplication() returns @untainted json|error {
        io:println("In newApplication function");
        http:Request request = new;
        json requestBody = newApplicationBody; // get test data from json in another file
        request.setJsonPayload(requestBody);

        var response = check self.clientEp->post("/application", request);
        var payload = check response.getJsonPayload();
        return payload;
    }
};

I have also modified my test code to call the token EP and deliberately set accept to an unacceptable value, for example, "text/csv" . In this case I get the same error response. However setting accept to "*/*" does work. Final test; accept of "" (empty) also fails so I suspect that the BearerAuthHandler is not setting any value for accept .

So can I force the BearerAuthHandler to set an accept of "application/json" ?

Thanks. See picture below.

Also, the example in the Oath2 spec you referenced shows a content-type value being set. Even a value of “*/*” would work but I suspect Ballerina leaves it blank. I have raised the GitHub issue Need to be able to set http header values for OutboundOAuth2Provider

Answer 1

The main objective of http:OutboundAuthHandler objects are to prepare the http:Request with authentication information that needs to be authenticated with external endpoint you are calling to.

The http:BearerAuthHandler is responsible for adding Authorization header with the value of Bearer <token> . "token" is prepared with the provided information. So, there is no option to force http:BearerAuthHandler to set any header for the request.

But in this case, if the API successfully respond if there is Accept header with the value of application/json , you can simply add that header to the http:Request before calling the POST request as follow:

request.addHeader("Accept", "application/json");