trikoder / oauth2-bundle

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities.
https://www.trikoder.net/
MIT License

unexplained Client authentication failed error #297

Open Kerrialn opened 3 years ago

Kerrialn commented 3 years ago

The /token endpoint is responding with 401.

Stack

Response:

{
    "error": "invalid_client",
    "error_description": "Client authentication failed",
    "message": "Client authentication failed"
}

Request body details:

grant_type: password
client_id: 5b810fc66e1b142ac324b123c82eb581
client_secret: aeb94068f1b703bed82cc21e48ffc4e9105d69df4cb68ff62b168e33e550706ba4c299e938e500164225e64f50f27f7f15ef893f3c2a2a493f59b35f386bc2d5
username: role_super_admin@fixture.com
password: 12345678

Log output:

[2021-11-01T18:19:56.716107+01:00] php.INFO: User Deprecated: Since symfony/security-bundle 5.3: The "security.authentication.manager" service is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-bundle 5.3: The \"security.authentication.manager\" service is deprecated, use the new authenticator system instead. at /var/www/code/var/cache/dev/ContainerW9AsxaO/getSecurity_Authentication_ManagerService.php:22)"} []
[2021-11-01T18:19:56.735584+01:00] php.INFO: User Deprecated: Since symfony/security-core 5.3: The "Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager" class is deprecated, use the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.3: The \"Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager\" class is deprecated, use the new authenticator system instead. at /var/www/code/vendor/symfony/security-core/Authentication/AuthenticationProviderManager.php:27)"} []
[2021-11-01T18:19:56.736688+01:00] php.INFO: User Deprecated: Since symfony/security-core 5.3: The "Symfony\Component\Security\Core\Event\AuthenticationFailureEvent" class is deprecated, use "Symfony\Component\Security\Http\Event\LoginFailureEvent" with the new authenticator system instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-core 5.3: The \"Symfony\\Component\\Security\\Core\\Event\\AuthenticationFailureEvent\" class is deprecated, use \"Symfony\\Component\\Security\\Http\\Event\\LoginFailureEvent\" with the new authenticator system instead. at /var/www/code/vendor/symfony/security-core/Event/AuthenticationFailureEvent.php:18)"} []
[2021-11-01T18:19:56.883198+01:00] request.INFO: Matched route "oauth2_token". {"route":"oauth2_token","route_parameters":{"_route":"oauth2_token","_controller":"Trikoder\\Bundle\\OAuth2Bundle\\Controller\\TokenController::indexAction"},"request_uri":"http://localhost:8080/token","method":"POST"} []
[2021-11-01T18:19:57.533603+01:00] doctrine.DEBUG: SELECT t0.secret AS secret_1, t0.redirect_uris AS redirect_uris_2, t0.grants AS grants_3, t0.scopes AS scopes_4, t0.active AS active_5, t0.allow_plain_text_pkce AS allow_plain_text_pkce_6, t0.identifier AS identifier_7 FROM oauth2_client t0 WHERE t0.identifier = ? ["5b810fc66e1b142ac324b123c82eb581"] []

config/packages/trikoder_oauth2.php

<?php

declare(strict_types=1);

use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

return static function (ContainerConfigurator $containerConfigurator): void {
    $containerConfigurator->extension('trikoder_oauth2', [
        'authorization_server' => [
            'private_key' => __DIR__ . '/../../var/oauth/private.key',
            'private_key_passphrase' => null,
            'encryption_key' => '%env(string:OAUTH2_ENCRYPTION_KEY)%',
            'grant_types' => [
                'authorization_code' => [
                    'enable' => true
                ],
                'client_credentials' => [
                    'enable' => true
                ],
                'implicit' => [
                    'enable' => true
                ],
                'password' => [
                    'enable' => true
                ],
                'refresh_token' => [
                    'enable' => true
                ],
            ],
        ],
        'resource_server' => [
            'public_key' => __DIR__ . '/../../var/oauth/public.key',
        ],
        'persistence' => [
            'doctrine' => null,
        ],
    ]);
};

X-Coder264 commented 3 years ago

That exception is created in League\OAuth2\Server\Exception\OAuthServerException::invalidClient() and it's usually caused by the validateClient method returning false, so my suggestion would be to check that first.
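
One way to narrow down which condition makes a client validator return false, as an added example that is not part of the thread or the bundle's own code. The function name `explainClientRejection`, the three checks, and the space-separated storage of grants are assumptions of this example; the column names come from the SELECT in the log above.

```php
<?php

declare(strict_types=1);

/**
 * Added diagnostic (hypothetical helper, not the bundle's code): lists the
 * reasons a client row would be rejected for a given token request.
 * $row mirrors columns of the logged SELECT on oauth2_client.
 */
function explainClientRejection(?array $row, string $clientSecret, string $grantType): array
{
    if ($row === null) {
        return ['no oauth2_client row for this identifier'];
    }

    $reasons = [];

    if (!$row['active']) {
        $reasons[] = 'client is not active';
    }

    // Assumption: grants are space-separated and an empty value means "no restriction".
    $grants = preg_split('/\s+/', trim((string) $row['grants']), -1, PREG_SPLIT_NO_EMPTY);
    if ($grants !== [] && !in_array($grantType, $grants, true)) {
        $reasons[] = sprintf('grant "%s" is not in the client grants [%s]', $grantType, implode(', ', $grants));
    }

    // Constant-time comparison; a null secret is treated here as a public client.
    if ($row['secret'] !== null && !hash_equals((string) $row['secret'], $clientSecret)) {
        $reasons[] = 'client_secret does not match the stored secret';
    }

    return $reasons;
}

// Constructed sample row and request values (not taken from the issue).
$row = [
    'identifier' => 'example-client-id',
    'secret' => 'example-stored-secret',
    'grants' => 'client_credentials refresh_token',
    'active' => true,
];

foreach (explainClientRejection($row, 'example-submitted-secret', 'password') as $reason) {
    echo $reason, PHP_EOL;
}
```

Feeding it the row returned by the logged query and the values from the failing request shows whether the rejection comes from the active flag, the grant list, or the secret comparison.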