
In API Manager 2.0.0 I have configured a federated authenticator for OAuth2, set up with Google authentication, and configured a service provider for an application to use this federated authenticator. Then I followed the tutorial [1] in order to use this application with the Google authentication.

When I try to generate the keys from the Store portal using the Code or Implicit grant types, the server gives me the following error:

Error occurred while calling token endpoint: HTTP error code : 400

and the log shows:

{"error_description":"Provided Authorization Grant is invalid","error":"invalid_grant"}


Can anyone help me with this problem? How can I configure a federated authenticator to consume the APIs/Applications?

Thanks.

Here you can see the debug log of APIM.

[1] http://xacmlinfo.org/2015/04/28/federated-authentication-for-granting-oauth2-access-token-with-wso2-api-manager-apim/

Can you attach a WSO2 APIM log created at the time of the issue? – nwick
Hi nwick, I have added the log to the original question, thanks. – Garrido
When you get "Provided Authorization Grant is invalid" while getting an OAuth token, enable debug logging for the org.wso2.carbon.identity.oauth2 package. You can get a more specific root cause. – lakshman

1 Answer

Probably your Service Provider doesn't allow Implicit and Code grants by default.

To change this, log in to Carbon and go to Service Providers -> List. Choose your SP and then click on Edit.

In the edit page, go to Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration. Your application key and secret should be listed here, the ones that you generated on the Store.

Click on Edit; this will bring up all the OAuth grants available. Probably Code and Implicit are unchecked. Check them and click on Update; you should be able to generate tokens using both grants now.