search

SalesforceCommerceCloud / sfcc-ci

Salesforce Commerce Cloud CLI
https://npmjs.com/package/sfcc-ci
BSD 3-Clause "New" or "Revised" License
230 stars 92 forks source link

Error: Authentication failed: Resource owner authentication failed #568

Open NYxcentium opened 4 months ago

NYxcentium commented 4 months ago

sfcc-ci Version

2.11.0

NodeJS Version

21.7.1

sfcc-ci Path

sfcc-ci

Host OS Details

No response

What happened?

Hello all,

I'm having auth issues running sfcc-ci auth command with :

image

Looks like grant type should be 'client_credentials' instead 'pasword'

Relevant log output

REQUEST emitting complete https://account.demandware.com/dw/oauth2/access_token
{
  response: {
    debugId: 1,
    headers: {
      'cache-control': 'no-store',
      pragma: 'no-cache',
      'content-type': 'application/json;charset=UTF-8',
      'content-length': '84',
      date: 'Fri, 24 May 2024 21:09:39 GMT',
      'referrer-policy': 'strict-origin-when-cross-origin',
      'strict-transport-security': 'max-age=15724800; includeSubDomains',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'SAMEORIGIN',
      'x-ratelimit-limit': '400, 400;w=60, 5000;w=60',
      'x-ratelimit-remaining': '399',
      'x-ratelimit-reset': '20',
      vary: 'Accept-Encoding',
      server: 'envoy'
    },
    statusCode: 400,
    body: {
      error_description: 'Resource owner authentication failed',
      error: 'invalid_grant'
    }
  }
}
tobiaslohr commented 3 weeks ago

Hi @NYxcentium, in case you are using command sfcc-ci client:auth and you are not passing any user credentials, a lookup of user credentials from a dw.json in the current working directory or from well-known env vars is done, see also the help text sfcc-ci client:auth --help

If user credentials are not provided, they are read from a dw.json file located in the current working directory. You may use environment variables SFCC_OAUTH_USER_NAME and SFCC_OAUTH_USER_PASSWORD to pass the user credentials alternatively.

You can validate if this is happening, by using the --debug flag and check the debug logs in the console.

We have recently merged #499 which allows you to force the CLI not to read the user credentials from the dw.json. This change will be in the upcoming 2.12.0 release. Another option you have is to change the working directory so that the dw.json is not found any longer.

NYxcentium commented 3 weeks ago

Hello @tobiaslohr,

I think the issue is that I used password instead of Access Key