gawati / gawati-portal-ui

Version 2 of the gawati portal
GNU Affero General Public License v3.0

openid-connect/token ; status 400 (Bad Request) #71

Open ccsmart opened 6 years ago

ccsmart commented 6 years ago

request

POST /auth/realms/gawati.org/protocol/openid-connect/token HTTP/1.1
Host: auth.gawati.org
Authorization: Basic Z2F3YXRpLXBvcnRhbC11aTphYTNmMjFhYS01NTY1LTQxODQtYjZiYi0xMWY4YzY0MmU2MWE=
Origin: https://dev.gawati.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Content-type: application/x-www-form-urlencoded
Accept: */*
Referer: https://dev.gawati.org/_lang/en/
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.9,de-DE;q=0.8,de;q=0.7
Cookie: AUTH_SESSION_ID=ba0775f1-a6db-4df5-959d-d4a67162efb1.alldev; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiOWNiY2FlZGYtYTk3NS00MDk0LWExYjItNjViODUyN2E0NDczIn0.eyJqdGkiOiIxZDRiZjRhYS0xYzVmLTRiZmYtYTVkMi1lM2E3YzUxOTcwM2MiLCJleHAiOjE1MjM2NTQyNjQsIm5iZiI6MCwiaWF0IjoxNTIzNjE4MjY0LCJpc3MiOiJodHRwczovL2F1dGguZ2F3YXRpLm9yZy9hdXRoL3JlYWxtcy9nYXdhdGkub3JnIiwic3ViIjoiZGM3Yjk4OGQtNjI0OS00NmJlLTg3MzktZTg2Y2Y5ZWI1YWM1IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmEwNzc1ZjEtYTZkYi00ZGY1LTk1OWQtZDRhNjcxNjJlZmIxIiwicmVzb3VyY2VfYWNjZXNzIjp7fSwic3RhdGVfY2hlY2tlciI6IjV4UkZiTXFSYlUxYjZ2aTNfdkJSTHI1RHdzc041aktHNDdKcGdoaGJkT0EifQ.SzMR0tO3gQevYAsbmQx30kyXxeWGOK4OmnnnPgA1Guk; KEYCLOAK_SESSION=gawati.org/dc7b988d-6249-46be-8739-e86cf9eb5ac5/ba0775f1-a6db-4df5-959d-d4a67162efb1
X-Forwarded-Proto: https
X-Forwarded-Port: 443
X-Forwarded-For: 109.164.203.165
X-Forwarded-Host: auth.gawati.org
X-Forwarded-Server: auth.gawati.org


response

HTTP/1.1 400 Bad Request
Connection: keep-alive
Content-Type: application/json
Content-Length: 75
Date: Fri, 13 Apr 2018 11:17:44 GMT

{"error":"unauthorized_client","error_description":"Invalid client secret"}
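
As an added example (not code from this issue or from the gawati project): a Node.js helper that redacts the `Authorization` and `Cookie` values of a captured token request like the one above and reports the client ID plus a short hash of the client secret, so the secret configured in two setups can be compared when Keycloak answers `Invalid client secret`. The sample request, its host and client names, and all function names are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample in the shape of the request above; all values are made up.
const SAMPLE_REQUEST = [
  "POST /auth/realms/example.org/protocol/openid-connect/token HTTP/1.1",
  "Host: auth.example.org",
  "Authorization: Basic " + Buffer.from("example-ui:s3cr3t%2Bvalue").toString("base64"),
  "Content-type: application/x-www-form-urlencoded",
  "Cookie: AUTH_SESSION_ID=abc123; KEYCLOAK_SESSION=example.org/u1/s1",
].join("\r\n");

// Split "Basic <base64>" into client id and secret (RFC 6749 section 2.3.1:
// both parts are form-urlencoded, joined with ':' and then base64-encoded).
function parseClientBasic(headerValue) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)$/.exec(headerValue.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");
  if (i < 0) return null;
  const dec = (s) => { try { return decodeURIComponent(s.replace(/\+/g, " ")); } catch { return s; } };
  return { clientId: dec(decoded.slice(0, i)), secret: dec(decoded.slice(i + 1)) };
}

// Short SHA-256 prefix: enough to compare a secret across setups, not to recover it.
function fingerprint(secret) {
  return nodeCrypto.createHash("sha256").update(secret, "utf8").digest("hex").slice(0, 8);
}

// Return a copy of the request that can be pasted into a public issue,
// plus a summary of the client credentials for debugging the 400 response.
function redactRequest(raw) {
  let summary = null;
  const lines = raw.split(/\r?\n/).map((line) => {
    const m = /^([A-Za-z-]+):\s*(.*)$/.exec(line);
    if (!m) return line;
    const name = m[1].toLowerCase();
    if (name === "authorization") {
      const c = parseClientBasic(m[2]);
      if (c) summary = { clientId: c.clientId, secretLength: c.secret.length, secretFingerprint: fingerprint(c.secret) };
      return `${m[1]}: Basic [REDACTED]`;
    }
    if (name === "cookie") {
      // Keep cookie names, drop the values (session ids and identity tokens).
      return `${m[1]}: ` + m[2].split(/;\s*/).map((kv) => kv.split("=")[0] + "=[REDACTED]").join("; ");
    }
    return line;
  });
  return { text: lines.join("\n"), summary };
}
```

Running `redactRequest` on the request captured in each environment and comparing `summary.clientId` and `summary.secretFingerprint` shows whether the two setups send the same client credentials without either secret leaving the machine.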

kohsah commented 6 years ago

@ccsmart Actually I cannot log in to https://dev.gawati.org. Something is blown .... I have it working on 2 local setups... however I am running a more recent version of the gawati auth client library. Will merge that into dev, it may fix things.

ccsmart commented 6 years ago

You report problems for the second time (of two tries?) when trying to log in. However, since reporting availability I never had any. Can you check if you have DNS overrides in your hosts file?

kohsah commented 6 years ago

Login as test/test logs in successfully, but on redirect I get an alert box:

image

however, I do think the updated auth client implementation will fix these issues. Hosts file, no overrides in it:

127.0.0.1       localhost
127.0.0.1       gawati.local
127.0.0.1       data.local
127.0.0.1       media.local
127.0.0.1       auth.gawati.local
127.0.0.1       api.gawati.local
104.199.25.219  lexafrica.akomantoso.com

ccsmart commented 6 years ago

Aha. Well, actually that is what I believe to be this issue #71. That is, I believe it happens immediately after login.

kohsah commented 6 years ago

Should possibly be fixed by an updated gawati-auth implementation (from the gawati-client). Merging that shortly.

kohsah commented 6 years ago

@ccsmart Intermediate fix committed; it resolves the problem for now, but needs a better longer-term fix.

kohsah commented 6 years ago

@ccsmart Committed a longer-term fix in the branch auth-wrapper-indexjs, which makes use of Keycloak sign-on; needs a bit more cleanup / testing before merging into dev.

kohsah commented 6 years ago

@ccsmart Fixed in https://github.com/gawati/gawati-portal-ui/commit/5c67f3b96d50875c7312ea94159b8641e6983931; also updating docs on how to set up SSO with Gawati.