0 votes

I'm using the OAuth Authorization Code flow to authenticate the user and authorize my application against the WSO2 Identity Server. I'm using a simple node/express server, with Passport.js, to get the Access Token, and Postman to use that Access Token to make a few test requests to the SOAP APIs.

When using a Bearer Token method to authorize my application, I get the following error in the IS logs: "0 active authenticators registered in the system. The system should have at least 1 active authenticator service registered." I get the following error in Postman: 500 Internal Server Error, with the following response body: <faultstring>Authentication failure</faultstring>.

Here is what it looks like in Postman: [screenshot]

The same Access Token works with a REST API request, like "https://localhost:9443/scim2/Me".

Can anyone tell me what I'm missing here?

amg_amit: OAuth doesn't have '-'. Can you remove '-' from the token and try again? Meanwhile, can you tell me whether, in the REST API, you are passing '-' in the token field or not?

mtl: Hi @amg_amit, thanks for your response! I'm using the exact same access token, including the dashes (-), for the REST endpoint, and I get the expected user data returned. I've tried removing the dashes in the token for both requests, and both fail when I do so.

amg_amit: In Postman, there is a Headers tab; can you select that and paste the header values? This tab is next to the Authorization tab.

mtl: Hi @amg_amit, here are the header values: Authorization: Bearer 873b4a13-a49b-321f-b43b-7a5e8eb6fc59, Content-Type: text/xml

mtl: I should probably also mention that the request works if I use Basic Auth instead.

2 Answers

3 votes

SOAP APIs in WSO2 Identity Server cannot be authenticated with Bearer tokens. They can be authenticated with Basic authentication and cookies. That's the reason for getting Authentication failure in the response.

But REST APIs in the Identity Server can be authenticated with Bearer tokens. So /scim2/Me authenticates successfully with the access token.

-1 votes

Try getting the access token manually from the authorize service and use it.

Step 1: Get authorization code

https://<is_server_url>:9443/oauth2/authorize?client_id=<id>&redirect_uri=<callback_url>&response_type=code&scope=openid

You will get an authorization code on the callback URL.

Step 2: Call token service to get access token

POST https://<is_server_url>:9443/oauth2/token
Content-Type:application/x-www-form-urlencoded
Authorization:Basic <base64encoded "<client_id>:<client_secret>">

grant_type:authorization_code
scope:openid
code:<code_from_step_1>
redirect_uri:<callback_url>

Example:

client_id=abcdefgh12345678
client_secret=xyzsecretkey
callback_url=http://localhost/callback
scope=openid

server: localhost
base64encode(client_id:client_secret) = base64encode(abcdefgh12345678:xyzsecretkey) => YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=

  1. GET https://localhost:9443/oauth2/authorize?client_id=abcdefgh12345678&redirect_uri=http://localhost/callback&response_type=code&scope=openid

It will make a request back to the callback URL with a parameter code, let's say code=this01is02your03code; please check your browser address bar.

  2. POST https://localhost:9443/oauth2/token

HEADERS

Content-Type:application/x-www-form-urlencoded

Authorization:Basic YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=

BODY

grant_type:authorization_code

scope:openid

code:this01is02your03code

redirect_uri:http://localhost/callback

This will return an access token; let's say the token returned by the server is 12345678ASDFGH.

Now you could use this token to call any RESTful or SOAP service:

Authorization: Bearer 12345678ASDFGH
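The two-step exchange laid out in this answer, written up as an added Node.js example (not code from the original question or either answer): it builds the authorize URL, pulls `code` out of the callback URL and assembles the token request with the client credentials in a Basic header, using the example values above. The final helper picks the scheme for the API call by API kind, following the accepted answer's point that IS SOAP services take Basic auth while REST APIs take Bearer; the `apiKind` labels `rest`/`soap` are an assumption of this example.

```javascript
// Added example (not from the original answer). Builds the two requests of the
// WSO2 IS authorization-code exchange offline; no network calls are made.
const IS_BASE = 'https://localhost:9443';   // example values from the answer above
const CLIENT_ID = 'abcdefgh12345678';
const CLIENT_SECRET = 'xyzsecretkey';
const REDIRECT_URI = 'http://localhost/callback';

// Step 1: the /oauth2/authorize URL the browser is sent to.
function authorizeUrl() {
  const u = new URL('/oauth2/authorize', IS_BASE);
  u.searchParams.set('client_id', CLIENT_ID);
  u.searchParams.set('redirect_uri', REDIRECT_URI);
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('scope', 'openid');
  return u.toString();
}

// The IS redirects back to the callback with ?code=...; extract it.
function codeFromCallback(callbackUrl) {
  const code = new URL(callbackUrl).searchParams.get('code');
  if (!code) throw new Error('callback URL carries no authorization code');
  return code;
}

// Step 2: the /oauth2/token request. The client authenticates with HTTP Basic
// over "client_id:client_secret"; the grant parameters go in the form body.
function tokenRequest(code) {
  const creds = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString('base64');
  const body = new URLSearchParams({ grant_type: 'authorization_code', scope: 'openid',
                                     code, redirect_uri: REDIRECT_URI });
  return {
    method: 'POST',
    url: `${IS_BASE}/oauth2/token`,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${creds}`,
    },
    body: body.toString(),   // percent-encodes redirect_uri as the form encoding requires
  };
}

// Authorization header for the API call itself. Per the accepted answer, SOAP
// admin services in IS accept Basic auth (or cookies), REST APIs accept Bearer.
function apiAuthHeader(apiKind, accessToken, user, password) {
  if (apiKind === 'rest') return `Bearer ${accessToken}`;
  if (apiKind === 'soap') return `Basic ${Buffer.from(`${user}:${password}`).toString('base64')}`;
  throw new Error(`unknown API kind: ${apiKind}`);
}
```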