0
votes

I have been building a React-based SPA to consume an API deployed in WSO2 API Manager. I did everything mentioned in this excellent tutorial: https://wso2.com/blogs/thesource/2019/08/building-a-react-based-single-page-application-to-consume-an-api-deployed-in-wso2-api-manager/

So I am using the OAuth2 implicit grant type. However, I get this error message after I reach the /authorize request:

Object { error: "unauthorized_client", error_description: "The authenticated client is not authorized to use this authorization grant type", session_state: "485a86f974459bfb9cdd7a845341e88bcc4cfedc242cb15cfc2956e131a7c44c.SMRIHTA_L6wA3yqb59iSSA", sp: "admin_ReactApp_PRODUCTION", tenantDomain: "carbon.super" }
Auth.js:26

What could be wrong? In my dev portal interface (https://localhost:9443/devportal), I have noticed that all but the implicit grant type are listed. It is not showing in the list.

Thanks for helping.

1 Answers

0
votes

The above error only comes if the following method returns false.

https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L123

Hence, the only possibilities are the following.

  1. Implicit grant type is not enabled for the application.
  2. Authorization request does not contain the response type as response_type=id_token

1. Enabling implicit grant in dev portal

In the application section, add the callback URL that you defined in the authorization request. Then the implicit tick will appear and you will be able to select the grant.

Please re-check the authorization request that you are initiating from the client application.

https://localhost:8243/authorize
?scope=openid
&response_type=id_token
&redirect_uri=http://localhost:8080/playground2/oauth2client
&nonce=13e2312637dg136e1
&client_id=mzdQQ0RZOIqAf549ucIImB4h0SIa

If the above two are good, you should be able to resolve the error.

Thanks Dileepa
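The two checks from the answer can be automated on the client side. The following is an added example, not code from the tutorial, the answerer or WSO2: it builds the authorization request with proper encoding, flags a request that would not match the answer's conditions, and reads the error or `id_token` from the callback URL. The function names and the `missing_id_token` / `nonce_mismatch` labels are hypothetical, and the sample values are the ones shown in the answer.

```javascript
// Added example, not code from the tutorial or from WSO2. The endpoint, client_id,
// redirect_uri and nonce used with it are the sample values from the answer above.

// Build the request with URLSearchParams so redirect_uri is percent-encoded.
function buildAuthorizeUrl(endpoint, { clientId, redirectUri, nonce, responseType = "id_token" }) {
  const url = new URL(endpoint);
  url.search = new URLSearchParams({
    scope: "openid",
    response_type: responseType,
    redirect_uri: redirectUri,
    nonce,
    client_id: clientId,
  }).toString();
  return url.toString();
}

// List what is wrong with an outgoing request, following the two points in the answer:
// the callback URL registered for the application and response_type=id_token.
function checkAuthorizeUrl(requestUrl, registeredCallback) {
  const p = new URL(requestUrl).searchParams;
  const problems = ["client_id", "redirect_uri", "response_type", "scope", "nonce"]
    .filter((name) => !p.get(name))
    .map((name) => `missing ${name}`);
  const rt = p.get("response_type");
  if (rt && rt !== "id_token") problems.push(`response_type is "${rt}", expected "id_token"`);
  const cb = p.get("redirect_uri");
  if (cb && cb !== registeredCallback) problems.push("redirect_uri differs from the registered callback URL");
  return problems;
}

// Read the result from the callback URL (fragment first, then query string).
function parseCallback(callbackUrl, expectedNonce) {
  const url = new URL(callbackUrl);
  const p = new URLSearchParams(url.hash.length > 1 ? url.hash.slice(1) : url.search);
  if (p.get("error")) {
    return { ok: false, error: p.get("error"), description: p.get("error_description") };
  }
  const idToken = p.get("id_token");
  if (!idToken || idToken.split(".").length !== 3) {
    return { ok: false, error: "missing_id_token", description: null };
  }
  // Decode the payload only to compare the nonce with the one this client sent.
  // This does not verify the token signature; do that before trusting any claim.
  const b64 = idToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  const claims = JSON.parse(atob(b64));
  if (claims.nonce !== expectedNonce) {
    return { ok: false, error: "nonce_mismatch", description: null };
  }
  return { ok: true, claims };
}
```

Running `checkAuthorizeUrl` against the exact URL the SPA sends, with the callback URL registered in the dev portal as the second argument, shows which of the two conditions is not met before the request ever reaches `/authorize`.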