Open iflp opened 8 years ago
Hey there!
The OAuth password grant on the express integration is intended on being used by mobile and/or frontend web clients. Thus you DO NOT need to authenticate with your Stormpath API Keys to this endpoint.
You should be able to get OAuth password grant working if you remove the Authorization
header in your above mentioned request =]
Let us know if this works for you!
hey @edjiang,
Thanks for the fast response, I tried that initially, but it was giving me back an invalid request.
POST /oauth/token HTTP/1.1
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
grant_type=password&username=test%40mail.com&password=password
init code:
app.use(stormpath.init(app, {
expand: {
customData: true
},
web: {
produces: ['application/json']
}
}));
Any ideas?
Figured it out. It works if it's json instead of x-www-form-urlencoded:
POST /oauth/token HTTP/1.1
Host: localhost:3000
Content-Type: application/json
Accept: application/json
Cache-Control: no-cache
{
"grant_type" : "password",
"username" : "test@mail.com",
"password" : "password"
}
Is there an error in the docs? http://docs.stormpath.com/nodejs/express/latest/authentication.html#oauth2-password-grant
No, that's really weird. This endpoint should respond to what you're posting. The only thing I can think is that the @ sign shouldn't be percent encoded? I'll have to take a look tomorrow.
I have a hosted version of express-stormpath you can try hitting at https://stormpathnotes.herokuapp.com. See if you can register and use the OAuth endpoint on there? Code for mine at https://github.com/stormpath/stormpath-express-mobile-notes-example
Ah! I was talking with someone else about a similar issue and figured out (most likely) what's going on with your issue. Are you using body-parser elsewhere in your application? If so, I noticed it messing with the express-stormpath routes for some reason. I'll ask @robertjd to take a futher look into it tomorrow.
Anyways, make sure in your app, either bind body-parser after the stormpath middleware, or, just add:
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended: false}))
Hi,
I'm trying to implement oauth2 password grant by following the docs. When I try to run
I get back an
invalid_request
error. However when I try runI get back the intended response.