gravitee-io / issues

Gravitee.io - API Platform - Issues

To add the "client_credentials" grant type to the default admin client in AM #1281

Closed pletessier closed 6 years ago

pletessier commented 6 years ago

Expected Behavior

I would like to be able to configure Access Management via the API. To do that, I need an access token, which can be created with:

$ http POST 'http://localhost/am/admin/oauth/token' authorization:"Basic YWRtaW46YWRtaW4tc2VjcmV0" cache-control:"no-cache" grant_type==client_credentials

HTTP/1.1 200 OK
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Date: Tue, 05 Jun 2018 11:08:10 GMT
Expires: 0
Pragma: no-cache
Server: nginx/1.12.1
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

{
    "access_token": "37410fd3-b2aa-47d2-8f8f-c23da2aa62d9",
    "expires_in": 7199,
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6ImFkbWluIiwiaXNzIjoiaHR0cDovL2dyYXZpdGVlLmFtIiwiZXhwIjoxNTI4MTk2ODkwLCJpYXQiOjE1MjgxOTY4OTB9.Gn5oiT50jyX0IQA9xZUdmT7jf6ruUu9x3j_IOKMtyhLGUnwlciMiS1izGbHMcKK6hV-E40CIjeqAwO0ZLmvyLA12nF9ysg1vzmz79qS_Ag1CpDuqHOzg37TYRpEzzi8gcb46dn8KtSNxZLxw3fenqFIYG0amephPG-98RIvMxdj6mahEbEboQL_ihjXE1L4K4DSGSww-VSsMxo9MSmE-PedXRiPH_pSI4ciH5-wa8rjd2QlX_xowCHQupAHUY6_smDzny5s77jLaDq06-JefkxNj9mIgJGNkyFyWYJCqlVl13ueAmwU8imgIOx-T4BFnE4khQ9AxXd0tmVD4nsL5Yw",
    "scope": "openid",
    "token_type": "bearer"
}

Current Behavior

The call is unauthorized because the default admin client does not have the client_credentials grant type:

$ http POST 'http://localhost/am/admin/oauth/token' authorization:"Basic YWRtaW46YWRtaW4tc2VjcmV0" cache-control:"no-cache" grant_type==client_credentials

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Date: Tue, 05 Jun 2018 11:08:04 GMT
Expires: 0
Pragma: no-cache
Server: nginx/1.12.1
Transfer-Encoding: chunked
WWW-Authenticate: Bearer error="invalid_client", error_description="Unauthorized grant type: client_credentials"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

{
    "error": "invalid_client",
    "error_description": "Unauthorized grant type: client_credentials"
}

Possible Solution

Add client_credentials to the default admin client.

Context

Trying to deploy the full APIM and AM solution in a microservices project with 3 APIs, in Docker Swarm. The whole project has to be deployed with a single call to docker stack deploy and a few configuration settings in YAML files.

Your Environment

Version used: 1.6.2
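For a deployment script that requests this token unattended, the sketch below (an added example, not part of the original issue and not Gravitee code) classifies the token endpoint's reply so a client that lacks the grant type is reported separately from other failures. The function names and result labels are assumptions of this example; the sample header and body are constructed from the 401 response shown above.

```python
import json
import re

# Constructed from the 401 response in the issue (challenge header and JSON body only).
SAMPLE_CHALLENGE = ('Bearer error="invalid_client", '
                    'error_description="Unauthorized grant type: client_credentials"')
SAMPLE_BODY = ('{"error": "invalid_client", '
               '"error_description": "Unauthorized grant type: client_credentials"}')

# key="quoted value" pairs, allowing backslash escapes inside the quotes
_PARAM = re.compile(r'([A-Za-z_]+)="((?:[^"\\]|\\.)*)"')


def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    params = {k.lower(): re.sub(r"\\(.)", r"\1", v)
              for k, v in _PARAM.findall(rest)}
    return scheme, params


def diagnose(status, challenge, body):
    """Classify a token-endpoint reply so the caller can fail with a clear reason."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status == 200 and "access_token" in doc:
        return "ok"
    # Prefer the JSON body, fall back to the challenge header if a proxy dropped it.
    _, params = parse_challenge(challenge or "")
    error = doc.get("error") or params.get("error")
    desc = doc.get("error_description") or params.get("error_description", "")
    match = re.match(r"Unauthorized grant type: (\S+)", desc)
    if error in ("invalid_client", "unauthorized_client") and match:
        return "grant_not_enabled:" + match.group(1)
    if error == "invalid_client":
        return "bad_client_credentials"
    return "other:" + (error or str(status))


if __name__ == "__main__":
    print(diagnose(401, SAMPLE_CHALLENGE, SAMPLE_BODY))
```

Matching on the error_description text ties the check to the wording this AM version returns, so a non-matching description falls through to the generic labels.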

tcompiegne commented 6 years ago

Closed by https://github.com/gravitee-io/graviteeio-access-management/pull/244