OpenBankingToolkit / openbanking-reference-implementation

ForgeRock OpenBanking Reference Implementation is an example of how you can bundle all the micro-services together to create an Open Banking eco-system
Apache License 2.0

Cannot get access token using tls_client_auth #115

Closed benjefferies closed 4 years ago

benjefferies commented 4 years ago

Describe the bug

When trying to get an access token using tls_client_auth I get the error

curl --location --request POST 'https://matls.as.aspsp.ob.forgerock.financial/oauth2/access_token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=openid accounts' \
--data-urlencode 'client_id=ad5fc2de-aa11-4b2f-aa66-615e8a388169'
{"error_description":"Invalid authentication method for accessing this endpoint.","error":"invalid_client"}

To Reproduce Steps to reproduce the behaviour:

  1. Dynamically register with the token_endpoint_auth_method and tls_client_auth_subject_dn
      "token_endpoint_auth_method": "tls_client_auth",
      "tls_client_auth_subject_dn": "YOUR SUBJECT DN",
  2. Try to get an access token
    curl --location --request POST 'https://matls.as.aspsp.ob.forgerock.financial/oauth2/access_token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=openid accounts' \
    --data-urlencode 'client_id=ad5fc2de-aa11-4b2f-aa66-615e8a388169'

Expected behaviour An access token

Current behaviour

{"error_description":"Invalid authentication method for accessing this endpoint.","error":"invalid_client"}

benjefferies commented 4 years ago

Fixed and tested in integration environment
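
RFC 8705 defines `tls_client_auth_subject_dn`, the registration field used in step 1 above, as the RFC 4514 string form of the client certificate's subject. The following pre-flight check compares a registered value with a subject string copied from a certificate; it is an added example, not code from this issue or from the ForgeRock project, and the thread does not say what caused the error reported here. `parse_dn`, `dn_mismatch` and the sample DNs are hypothetical names and constructed values.

```python
import re

def parse_dn(dn):
    """Split an RFC 4514 DN string into ordered (TYPE, value) pairs.

    Simplification: multi-valued RDNs ("+") and hex/quoted forms are not handled.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escaped char (e.g. "\,") intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                        # an unescaped comma ends an RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Attribute types are case-insensitive; trim only unescaped padding.
        value = re.sub(r"(?<!\\)\s+$", "", value.lstrip())
        pairs.append((attr.strip().upper(), value))
    return pairs

def dn_mismatch(registered, presented):
    """Return None when the DNs match RDN for RDN, else a short reason."""
    reg, got = parse_dn(registered), parse_dn(presented)
    if reg == got:
        return None
    if reg == got[::-1]:
        return "same RDNs in reverse order"
    fold = lambda pairs: [(t, v.casefold()) for t, v in pairs]
    if fold(reg) == fold(got):
        return "values differ only in letter case"
    only_reg = [p for p in reg if p not in got]
    only_got = [p for p in got if p not in reg]
    return f"registered-only {only_reg}, certificate-only {only_got}"

# Constructed sample values, not taken from the issue.
REGISTERED = "CN=example-tpp,O=Example TPP Ltd,C=GB"
# Same subject, most-general RDN first with padded "=" (OpenSSL's default print style).
OPENSSL_STYLE = "C = GB, O = Example TPP Ltd, CN = example-tpp"

if __name__ == "__main__":
    print(dn_mismatch(REGISTERED, OPENSSL_STYLE))
```

How strictly an authorization server compares the two strings is implementation-specific, so a reported reason other than `None` marks a value worth re-checking before registration rather than a guaranteed rejection.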