search

bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 950 forks source link

{"error":"invalid_request","error_description":"The grant type was not specified in the request"} #755

Open mdhelaluddin-ctg-bd opened 8 years ago

mdhelaluddin-ctg-bd commented 8 years ago

I am just following you cookbook step by step guidelines to configure oauth2 server from the following linke http://bshaffer.github.io/oauth2-server-php-docs/cookbook/

I keep all things are same exactly described on this page.

But when I am trying to run the following command from command line curl -u testclient:testpass http://localhost/token.php -d 'grant_type=client_credentials'

Getting this error

{"error":"invalid_request","error_description":"The grant type was not specified in the request"}

bshaffer commented 8 years ago

I just ran through the same example, and could not duplicate your error. There must be something not set correctly in your environment. Can you tell me a little more about your platform? What version of this library are you using? What does your token.php and server.php look like?

shenmadouyaowen commented 8 years ago

To add client_id and client_secret curl -u testclient:testpass http://localhost/token.php -d 'grant_type=client_credentials&client_id=testclient&client_secret=testpass'

oksim14 commented 8 years ago

Same error. Did you fix it? Thx

kaoscoder commented 8 years ago

I ran into the same issue and it's b/c OAuth2\Controller\TokenController class is checking for the grant_type in the OAuth2\Request objects request array, but it's populated in the query array.

in OAuth2\Controller\TokenController.php line 88:

if` (!$grantTypeIdentifier = $request->request('grant_type')) { $response->setError(400, 'invalid_request', 'The grant type was not specified in the request'); return null; }

when I var_dumped the $request object, this is what I see:

object(OAuth2\Request)#8 (8) { ["attributes"]=> array(0) { } ["request"]=> array(0) { } ["query"]=> array(3) { ["grant_type"]=> string(18) "client_credentials" ["client_id"]=> string(10) "testclient" ["client_secret"]=> string(8) "testpass" } . . . }

so maybe line 88 should be updated to if` (!$grantTypeIdentifier = $request->query('grant_type'))

kaoscoder commented 8 years ago

ok I found the bug:

in OAuth2\Controller\TokenController.php in the static createFromGlobals() function on line 195, change

$request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER); to $request = new $class($_GET, $_REQUEST, array(), $_COOKIE, $_FILES, $_SERVER);

see more info about the $_REQUEST global variable here: http://php.net/manual/en/reserved.variables.request.php

helven commented 8 years ago

I changed the singlequote (') to doublequote (") on the curl command and it works. I'm running Win10

curl -u testclient:testpass http://localhost/oauth/token.php -d "grant_type=client_credentials"

cyrillenguetoum commented 7 years ago

Sorry for my bad English since i'm francophone. I solved this problem by specifying 2 headers in the request: Content-Type: application/json & Accept: application/json. Note: i'm using RestClient plugin for mozilla firefox for pulling requests to Server.

nelsonc24 commented 7 years ago

helven +1, it works for me! Thanks!

Abhishek103 commented 7 years ago

Hi, I am following the steps https://bshaffer.github.io/oauth2-server-php-docs/cookbook/laravel/ and when I tried to test via POSTMAN. I am getting this {"error":"invalid_request","error_description":"The grant type was not specified in the request"} I am using window 10. The version I am using : "bshaffer/oauth2-server-httpfoundation-bridge": "^1.3", "bshaffer/oauth2-server-php": "^1.9",

hitswa commented 6 years ago

Nope, none of above suggestions worked for me. just getting

{"error":"invalid_request","error_description":"The grant type was not specified in the request"}{"error":"invalid_request","error_description":"The grant type was not specified in the request"}

no matter if I use the single quote (') or double quote (") as suggested by haven...

in fact, when I use the double quote (") I get this response

{"error":"unsupported_grant_type","error_description":"Grant type \"client_credentials\" not supported"}{"error":"unsupported_grant_type","error_description":"Grant type \"client_credentials\" not supported"}

Also, when I tried suggestions from shenmadouyaowen I get following response

{"error":"invalid_request","error_description":"The grant type was not specified in the request"}{"error":"invalid_request","error_description":"The grant type was not specified in the request"}'client_id' is not recognized as an internal or external command, operable program or batch file.'client_secret' is not recognized as an internal or external command,operable program or batch file.

Didn't find anything suggested by kaoscoder on line number 88 in OAuth2\Controller\TokenController.php file but found it on 138. It seems like the code has been changed since his reply. Anyways, I changed acc to what he suggested and my error response was same.

Didn't find anything suggested by kaoscoder in his next suggestion in the entire file...

At the end still getting the same response.

My working environment Windows 8.1 XAMPP with PHP 7.1 Editor: Visual Studio Code (command prompt as default terminal where I executed curl command)

bandicsongor commented 6 years ago

Hi, if you use POSTMAN don't forget to set the Body content type to 'x-www-form-urlencoded'. This works for me.

oaktechster commented 6 years ago

use this simple test to replicate the issue:

use GuzzleHttp\Client; use GuzzleHttp\Psr7; use GuzzleHttp\Psr7\Request; use GuzzleHttp\Exception\ClientException;

try { $client = new Client(['base_uri'=>'http://localhost']); $header = [ 'query' => [ 'grant_type' => 'client_credentials', ], 'headers' => [ 'Authorization' => 'Basic '.$base64_encode('xxx:xxxx'), 'Content-Type' => 'application/x-www-form-urlencoded', ], 'verify' => false, 'http_errors' => false, 'form_params' => [ 'name' => 'test user', 'email' => 'test@test.com', ] ];

//Send a form POST to http://localhost/access/tokens?grant_type=client_credentials
$response = $client->request('POST', '/access/tokens', $header);
$responseBody = $response->getBody(true);

var_dump($responseBody);

} catch (ClientException $e) { echo 'Exception:' .$e->getResponse()->getBody(); }

it will return the response: {"error":"invalid_request","error_description":"The grant type was not specified in the request"}

the error is set in OAuth2/Controller/TokenController.php in the grantAccessToken() method: if (!$grantTypeIdentifier = $request->request('grant_type')) { $response->setError(400, 'invalid_request', 'The grant type was not specified in the request');

        return null;

}

You can see that it's checking the for the "grant_type" in the request() method in OAuth2/Request class. In this class, the $request property is initialized using the $_POST global variable in the createFromGlobals() method:

$class = get_called_class(); /* @var Request $request / $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER);

However, in the sample code above, the grant_type was set in the query string, so it's not available in the $_POST variable. If I var_dump the $request object above, this is what I get:

object(OAuth2\Request)[74] public 'attributes' => array (size=0) empty public 'request' => array (size=2) 'name' => string 'test user' (length=9) 'email' => string 'test@test.com' (length=13) public 'query' => array (size=1) 'grant_type' => string 'client_credentials' (length=18) public 'server' => ...

You can see that the "grant_type" is in the $query property of the OAuth2/Request class, not in the $request property.

possible solutions: in OAuth2/Controller/TokenController.php in the grantAccessToken() method update it so it checks the query instead of the request. Change: if (!$grantTypeIdentifier = $request->request('grant_type')) { to if (!$grantTypeIdentifier = $request->query('grant_type')) {

OR in OAuth2/Request.php in the createFromGlobals() method update it so the $request property is initialized using the $_REQUEST instead of $_POST. Change: $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER); to $request = new $class($_GET, $_REQUEST, array(), $_COOKIE, $_FILES, $_SERVER);

$_REQUEST global variable is an associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

Srinivasysr2003 commented 4 years ago

I have tried the fix provided by @schiggi. But It throws below error.

{"error":"unauthorized_client","error_description":"The grant type is unauthorized for this client_id"}

What I have understood, we need to add value "client_credentials" in grant_types table of "oauth_clients" and need to have double quote as mentioned by @helven

E:\my-oauth2-walkthrough>curl -u testclient:testpass http://localhost/token.php -d "grant_type=client_credentials" {"access_token":"cdddfe7c7cbwe5d79de75b3bf4c55fd75ffe18ab","expires_in":3600,"token_type":"Bearer","scope":null}

Hopefully, this might help others.

skechav commented 4 years ago

I have tried the fix provided by @schiggi. But It throws below error.

{"error":"unauthorized_client","error_description":"The grant type is unauthorized for this client_id"}

What I have understood, we need to add value "client_credentials" in grant_types table of "oauth_clients" and need to have double quote as mentioned by @helven

E:\my-oauth2-walkthrough>curl -u testclient:testpass http://localhost/token.php -d "grant_type=client_credentials" {"access_token":"cdddfe7c7cbwe5d79de75b3bf4c55fd75ffe18ab","expires_in":3600,"token_type":"Bearer","scope":null}

Hopefully, this might help others.

@Srinivasysr2003 Confirmed. In _oauthclients table the _granttype field should have the value _clientcredentials ( in the related client table row ofcourse ) . And the same goes for authorization_code grant_type . Then, from a cmd window execute curl : curl https://example.com/my-oauth2-walkthrough/token.php -d " grant_type=client_credentials&client_id=testclient2&client_secret=testpass"

and I get the response : {"access_token":"2b34451d91ef880bf461a9bcf8be12312ec21d67","expires_in":3600,"token_type":"Bearer","scope":"testapp"}

SimonPucheu commented 1 year ago

The solution of @oaktechster worked perfectly fine for me.

Change line 234 in OAuth2/Request.php in the createFromGlobals() method: From this: $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER); To this $request = new $class($_GET, $_REQUEST, array(), $_COOKIE, $_FILES, $_SERVER);

I think it's because when you do something like this: curl -u testclient:testpass http://localhost/token.php -d 'grant_type=client_credentials' The request is submitted as a GET request and the $_POST superglobal doesn't contain the grant_type value (only in $_GET and $_REQUEST)

So etheir you make only POST requests or you put the $_REQUEST superglobal instead and you can do both GET and POST.

I hope this helps!

jonathanafranio commented 10 months ago

I'm also having this problem, to generate the token, it returns me

error "invalid_request" error_description "The grant type was not specified in the request"

But I'm passing the grant_type in the request:

<?php

$code = $_GET['code'];
$state = $_GET['state'];
$curl = curl_init();

$client_id = 'clientIDApp';
$client_secret = 'clientSecretApp';

curl_setopt_array($curl, 
    array(
        CURLOPT_URL => 'http://urlmysite.meus.br/oauth/token/',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_POSTFIELDS => array(
            'grant_type'    => 'authorization_code',
            'code'          => $code,
            'client_id'     => $client_id
            'client_secret' => $client_secret,
            'state'         => $state,
        ),
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Basic ' .base64_encode($client_id . ':' . $client_secret),
        ),

    )
);