ueberauth / oauth2

An Elixir OAuth 2.0 Client Library
MIT License

Not able to get access token with ClientCredentials strategy #135

Closed joobisb closed 5 years ago

joobisb commented 5 years ago

@scrogson This is my curl request and I'm getting the access token successfully.

curl -X POST --user <client_id>:<client_secret> '<site_url>/oauth2/token?grant_type=client_credentials' -H 'Content-Type: application/x-www-form-urlencoded'

Following are the steps I followed

client = OAuth2.Client.new([
  strategy: OAuth2.Strategy.ClientCredentials,
  client_id: "<client_id>",
  client_secret: "<client_secret>",
  site: "<site_url>",
  token_url: "/oauth2/token",
  headers: [
    {"content-type", "application/x-www-form-urlencoded"}
  ]
])

response = OAuth2.Client.get_token(client)

I'm getting a 405 Method Not Allowed response, as below:

{:error,
 %OAuth2.Response{
   body: "",
   headers: [
     {"date", "Sun, 05 May 2019 12:18:00 GMT"},
     {"content-length", "0"},
     {"connection", "keep-alive"},
     {"set-cookie",
      "XSRF-TOKEN=<xsrf-token>; Path=/; Secure; HttpOnly"},
     {"x-amz-cognito-request-id", "<req_id>"},
     {"x-application-context", "application:prod:8443"},
     {"x-content-type-options", "nosniff"},
     {"x-xss-protection", "1; mode=block"},
     {"cache-control", "no-cache, no-store, max-age=0, must-revalidate"},
     {"pragma", "no-cache"},
     {"expires", "0"},
     {"strict-transport-security", "max-age=<max-age> ; includeSubDomains"},
     {"x-frame-options", "DENY"},
     {"server", "Server"},
     {"allow", "GET"}
   ],
   status_code: 405
 }}

scrogson commented 5 years ago

@joobisb can you please try with master?

joobisb commented 5 years ago

@scrogson I tried by importing this in mix.exs

def application do
  # Add the application to your list of applications.
  # This will ensure that it will be included in a release.
  [applications: [:logger, :oauth2]]
end

defp deps do
  # Add the dependency
  [{:oauth2, "~> 1.0"}]
end

What should I do to try in master?

scrogson commented 5 years ago

{:oauth2, github: "scrogson/oauth2"}

joobisb commented 5 years ago

@scrogson I tried but I'm still getting the same error response. Does it have something to do with content-type?

scrogson commented 5 years ago

I believe the content-type is set for you automatically.

scrogson commented 5 years ago

Just to make sure... did you run mix deps.update oauth2 after changing the dependency in mix.exs?

joobisb commented 5 years ago

Yes, I did that.

joobisb commented 5 years ago

@scrogson So what might be the issue?

scrogson commented 5 years ago

Next thing to try is to turn on hackney tracing and figure out what is being sent to the server. Place this before the call to get_token:

:hackney_trace.enable(:max, :io)

joobisb commented 5 years ago

@scrogson The issue is solved. By default the accept and content-type headers were application/x-www-form-urlencoded and that was causing the problem. I changed the accept header to */* and I got the access token. Thanks for helping me to trace it out.
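
One way to apply the fix described in the last comment, as an added example that is not part of the original thread or the library's own code. The module name TokenFetch and its functions are hypothetical, and it assumes the installed oauth2 version keeps an accept header that is already set on the client instead of replacing it.

```elixir
defmodule TokenFetch do
  # Hypothetical helper module (not part of the oauth2 library).
  require Logger

  # Build a client_credentials client with an explicit Accept header,
  # matching what curl sends by default (Accept: */*).
  def client(opts) do
    OAuth2.Client.new(
      strategy: OAuth2.Strategy.ClientCredentials,
      client_id: Keyword.fetch!(opts, :client_id),
      client_secret: Keyword.fetch!(opts, :client_secret),
      site: Keyword.fetch!(opts, :site),
      token_url: "/oauth2/token"
    )
    |> OAuth2.Client.put_header("accept", "*/*")
  end

  # Request the token and return a tagged result without exposing secrets.
  def fetch(client) do
    case OAuth2.Client.get_token(client) do
      {:ok, %OAuth2.Client{token: token}} ->
        {:ok, token}

      {:error, %OAuth2.Response{status_code: status, headers: headers}} ->
        # Keep only the status and the Allow header for diagnosis;
        # the body, cookies and request credentials are not logged.
        allow = for {k, v} <- headers, String.downcase(k) == "allow", do: v
        Logger.error("token request failed: status=#{status} allow=#{inspect(allow)}")
        {:error, {:http, status, allow}}

      {:error, %OAuth2.Error{reason: reason}} ->
        {:error, {:transport, reason}}
    end
  end
end

# Usage, with the same placeholders as in the thread:
# TokenFetch.client(
#   client_id: "<client_id>",
#   client_secret: "<client_secret>",
#   site: "<site_url>"
# )
# |> TokenFetch.fetch()
```

When tracing with :hackney_trace.enable(:max, :io) as suggested above, the output can include request headers such as the Authorization value built from the client credentials, so keep it out of shared logs and turn it off with :hackney_trace.disable() once the request has been inspected.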