3
votes

I am unable to get an access token from Thinktecture Authorization Server. After successfully getting the grant code, I try to make a POST request to the token endpoint, but always get a 400 Bad Request with this response: message: "{ "error": "invalid_client" }"

My request was:

POST to https://host/authz/users/oauth/token

Request body: {"code":"grant_code_received_from_previous_request","client_id":"myclient","grant_type":"authorization_code","client_secret":"mysecret"}

My client is set up properly in the Authorization Server. My client id and secret are correct; they are the same values I used to get the grant code in the previous request (/users/oauth/authorize).

Any idea for this "invalid_client" issue? There is no other information in the response other than "invalid_client".

3 Answers

3
votes

You need to send the client credentials using HTTP basic authentication instead of posting the ID and secret in the body.

0
votes

I followed @leastprivilege's advice and did this:

// set up the base64-encoded credentials
let clientId = "myclientid"
let clientSecret = "myclientsecret"

let loginString = NSString(format: "%@:%@", clientId, clientSecret)
let loginData: NSData = loginString.dataUsingEncoding(NSUTF8StringEncoding)!
let base64LoginString = loginData.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(0))

After that, I created the request instance like this:

var request = NSMutableURLRequest(URL: myUrl!)
request.HTTPMethod = "POST"

// Only these four are required based on the documentation.        
let postString = "grant_type=authorization_code&code=\(code)&redirect_uri=app:/your.redirect.uri"

request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)

request.setValue("Basic \(base64LoginString)", forHTTPHeaderField: "Authorization")

Hope it helps!
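The token request that the two answers above describe, as an added Python example that is not part of the original thread: one function builds the request with the client credentials in an HTTP Basic header and a form-encoded body, and a second one lists how a captured request (here the one from the question) departs from that form. The function names are hypothetical, the sample assumes the question's body was sent as JSON, and the form-encoding of the credentials follows RFC 6749 section 2.3.1.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(token_url, code, redirect_uri, client_id, client_secret):
    """Authorization-code token request, client authenticated with HTTP Basic."""
    # RFC 6749 section 2.3.1: form-encode id and secret, join with ':', base64.
    # For alphanumeric credentials the form-encoding step changes nothing.
    userpass = "{}:{}".format(urllib.parse.quote_plus(client_id),
                              urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
    # Token endpoint parameters go in a form-encoded body, not JSON.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def audit_token_request(headers, body):
    """List the ways a captured token request departs from the form above."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not h.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        findings.append("body is not form-encoded")
    if not h.get("authorization", "").startswith("Basic "):
        findings.append("no HTTP Basic client credentials")
    try:
        fields = json.loads(body)
    except ValueError:
        fields = dict(urllib.parse.parse_qsl(body))
    if isinstance(fields, dict) and "client_secret" in fields:
        findings.append("client_secret sent in the body")
    return findings


# Constructed sample: the request from the question, assuming it was sent as JSON.
QUESTION_HEADERS = {"Content-Type": "application/json"}
QUESTION_BODY = ('{"code":"grant_code_received_from_previous_request",'
                 '"client_id":"myclient","grant_type":"authorization_code",'
                 '"client_secret":"mysecret"}')

if __name__ == "__main__":
    print(audit_token_request(QUESTION_HEADERS, QUESTION_BODY))
```

Keeping the secret in the Authorization header rather than the body also keeps it out of any request-body logging on the path to the token endpoint.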

-1
votes

You can get more information from the log file. Take a look at it; you can check the logging options in the web.config of the Identity Server:

<system.diagnostics>
  <!-- simple system.diagnostics logger -->
  <trace autoflush="true" indentsize="4">
    <listeners>
      <add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="Trace.log" />
      <remove name="Default" />
    </listeners>
  </trace>

  <!-- can be used with TraceSource logger -->
  <!--<sources>
    <source name="Thinktecture.IdentityServer"
            switchValue="Information, ActivityTracing">
      <listeners>
        <add name="xml"
             type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="trace.svclog" />
      </listeners>
    </source>
  </sources>-->
</system.diagnostics>

More information about logging at: http://identityserver.github.io/Documentation/docs/configuration/logging.html