"error": "invalid_client" django-oauth-toolkit - django

I am using django rest framework with django-oauth-toolkit. When i request access token on my localhost it gives me the access token as shown below
~/django_app$ curl -X POST -d "grant_type=password&username=<Your-username>&password=<your-password>" -u"<client-id>:<client-secret>" http://localhost:8000/o/token/
{"access_token": "8u92BMmeZxvto244CE0eNHdLYWhWSa", "expires_in": 36000, "refresh_token": "faW06KKK71ZN74bx32KchMXGn8yjpV", "scope": "read write", "token_type": "Bearer"}
But when i request the access token from the same project hosted on live server, it give me error as invalid_client.
~/django_app$ curl -X POST -d "grant_type=password&username=<Your-username>&password=<your-password>" -u"<client-id>:<client-secret>" http://<your-domain>/o/token/
{
"error": "invalid_client"
}
I am not able to understand where is the problem coming from. I have searched a lot and didn't find the right answer. Please advise me what to do to get rid of this error.

I found the solution for this, instead of grant_type=password i have used grant_type=client_credentials then i got the access token. You can see the curl command below.
curl -X POST -d "grant_type=client_credentials&client_id=<your-client id>client_secret=<your-client secret>" http://your-domain/o/token/
{"scope": "read write", "token_type": "Bearer", "expires_in": 36000, "access_token": "ITx5KCjupsdbvbKvNQFyqZDEw6svSHSfdgjh"}
OR
If you want to do it with grant-type=password then here is command for that:
curl -X POST -d "grant_type=password&username=<your-username>&password=<your-password>&client_id=<your-client id>&client_secret=<your-client secret>" http://your-domain/o/token/
{"access_token": "0BVfgujhdglxC7OHFh0we7gprlfr1Xk", "scope": "read write", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "AwffMPzNXvghlkjhs8dpXk7gbhhjhljlldfE2nI"}
I referred this https://developer.amazon.com/de/docs/adm/request-access-token.html as my application was on AWS.

Get token from django-oauth-toolkit in JavaScript:
async function getToken () {
let res = await fetch("https://<your_domain>/o/token/", {
body: new URLSearchParams({
grant_type: 'password',
username: '<user_name>',
password: '<user_pass>',
client_id: '<client_app_id>',
client_secret: '<client_pass>'
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
method: "POST"
})
return res.json();
}
console.log(await getToken());
Your client application authorisation grant type should be: "Resource owner password-based"
P.S. I've failed to get token via "Content-Type": "application/json", not sure why (django-oauth-toolkit documentation says nothing about that).

Related

wso2 Idendity server bearer token

i have used wso2 Idendity server version 5.7.
i have created token below curl.
curl -X POST \
https://localhost:9443/oauth2/token \
-H 'Accept: */*' \
-H 'Authorization: Basic dUJqVGZncU1vTHpUQWJwU2U3QXhyYzF3cGRvYTpQVjFLM2ZUM1o3Qm9jVFl3dF9wM214ZzYwQVlh' \
-d 'grant_type=password&username=admin&password=admin'
they will giving below response jwt formate.
{
"access_token": "eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJhdWQiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwibmJmIjoxNTU2NjEyMzAxLCJhenAiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwiZXhwIjoxNTU2NjE1OTAxLCJpYXQiOjE1NTY2MTIzMDEsImp0aSI6IjBiNDNiNDJhLTNmMGQtNDczZS05MjgwLWYzMDUyOTE5MDA0NSJ9.BxHpuoYJVpDPH4kauU7C6c9eSn-DDO3k40QQjDSBS3g7_dHDRCXvf1xBFe3dxggth-eomvo1kiIGQtC8_VzvL5umvM1VKkL_DqxDyWmM9CtFHj-MkDROS_81ZcWlME6__69vy68l9_cfM7XCUpkJ2JMAeFV2kS2jAvlIpSn3xcJWDMNNhcC60syrua_aATwNot6DQiy032c1uN2KOWEqLbhLMxDrue41jkhlQ7Kt4i-B7J385O7Rvju6bJ6SoTy-zU92ewXwrXctooLGbd_y-MQmXp0PTp2PqmBtgb5Ryrg9An3AbCavEjzYeJbSj2hIsKzU5dpH_KE670gEGW94jw",
"refresh_token": "253c5d9f-4efd-3b63-8451-66a0f83b2c72",
"token_type": "Bearer",
"expires_in": 3600
}
Problem :
1) when i have called any request using Bearer authorization token,giving below error but Basic YWRtaW46YWRtaW4= working fine.
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
2) Refresh token giving plain text how to convert jwt formate also.
Just in case if there is user permission issue, you will get
{"Errors":[{"code":"500","description":"User is not authorized to perform provisioning"}]}
Since your error message is
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
it is mainly due to invalid access token. You can check it by simply sending some random string as an access token. I would suggest you to check it from client side where you send correct access token or not.

How can i change expiry_in parameter of token in oauth2 with django rest

curl
-X POST -d
"grant_type=password&username=&password=" -u":"
http://localhost:8000/o/token/
I get the access token:
{ "access_token": "bWT0hgV6nXdvwIXuk7SREtZYWGWJOp",
"expires_in": 36000,
"token_type": "Bearer",
"scope": "read write groups",
"refresh_token": "5DUMuBWIHdBMFyGDKeJidCR6gD0Ftc" }
I want to change "expires_in" parameter to 2000.
It seems you generate token in your application. Focus on the method generates token. There should be some setting like
payload = {
"iss": "example.com",
"iat": int(time.time()),
"exp": int(time.time()) + 2000,
"aud": "www.example.com",
"sub": account['_id'],
"username": username,
"scopes": ['open']
}
, you just need to set the exp 2000s after now.
If you use an third party application, you can try to find configuration about expiration, or lifetime of token. If there's no UI configuration, there should be some configuration files to set this. Even worse, you can try to find "exp" in source code and set the value manually.

django-oauth-toolkit 'invalid client' error after deploy on AWS Elasticbeanstalk

I use django-oauth-toolkit with my django/django-rest-framework application. When I request an access token in dev mode on localhost, it works OK:
dev#devComp:$ curl -X POST -d "grant_type=password&username=
<user_name>&password=<password>" -u"<client_id>:<client_secret>"
http://localhost:8000/o/token/
{"access_token": "fFySxhVjOroIJkD0IuEXr5WIhwdXg6", "expires_in":
36000, "token_type": "Bearer", "scope": "read write groups",
"refresh_token": "14vhyaCZbdLtu7sq8gTcFpm3ro9YxH"}
But if I request an access token from absolutely the same application deployed at AWS Elasticbeanstalk, I get 'invalid client' error:
dev#devComp:$ curl -X POST -d "grant_type=password&username=
<user_name>&password=<password>" -u"<client_id>:<client_secret>"
http://my-eb-prefix.us-west-1.elasticbeanstalk.com/o/token/
{"error": "invalid_client"}
Please advise me what to do to get rid of this error and normally request access tokens from django app deployed at AWS.
After some research, I can now give the answer myself:
I had to add one more command to my python.config in .ebextensions folder:
...
container_commands:
...
03wsgipass:
command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'
After that, AWS allows incoming requests to pass authorization, and I get the response without an error.
I was also facing the same problem.
This worked for me:
curl -X POST -d "grant_type=password&username=<your-username>&password=<your-password>&client_id=<your-client id>&client_secret=<your-client secret>" http://your-domain/o/token/
{"access_token": "0BVfgujhdglxC7OHFh0we7gprlfr1Xk", "scope": "read write", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "AwffMPzNXvghlkjhs8dpXk7gbhhjhljlldfE2nI"}

Google OAUTH2 no refresh_token received

I am using emberjs and i could get this response from https://www.googleapis.com/oauth2/v4/token
{
"access_token": "snip",
"token_type": "Bearer",
"expires_in": 3600,
"id_token": "snip"
}
but i am never getting refresh token not even on first authentication. I am stuck with it for hours can anyone help me
My request params
code:4/6_Rm706y9Y4vAFSiR6BAF6GXEIQgG8IKkk_8JHSC7sU
redirect_uri:http://localhost:8080/app
client_id:****************
client_secret:****************
scope: null
grant_type:authorization_code
access_type:offline
approval_prompt:force

Django OAuth Toolkit and POSTMAN

I made a django OAuth server using Django OAuth Toolkit.
I've setup the code right and when I use CURL in the following way:
curl -X POST -d "grant_type=password&username=geethpw&password=abcabcabc" -u"wHsGgpsHZyw8ghnWbEPZC8f4AZLgJIPmoo50oNWp:ZQcXeQWnae0gmX0SMi6Xn6puBnhiphR2M80UC6ugmffbrUd66awhbguYgxtQ1ufahJZehj4RlGjYu06fHkVgO15TURttSozj27nshl0AhFfCVzUKqTDubBimTSsK4yDS" http://localhost:8000/o/token/
I get a response:
{"access_token": "glzwHLQNvUNQSOU5kFAoopgJxiNHcW", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "5k6jvCd2UxaRUGHKONC2SqDukitG5Y", "scope": "read write groups"}Geeths-MacBook-Pro:~ geethwijewickrama$
Geeths-MacBook-Pro:~ geethwijewickrama$
which is expected.
But When I try postman to do the samething, I always get:
{
"error": "unsupported_grant_type"
}
My headers are:
Content-Type:application/x-www-form-urlencoded
If I remove this header I get:
{
"error": "invalid_client"
}
How can I test my APIs in postman?
Your postman body should be something like:
grant_type: <grant_type>
client_id: <client_id>
client_secret: <client_secret>
username: <username>
password: <password>
Try Bulkedit with these, hope this helps (Hope you have registered the app to obtain client_id and client_secret)
Get token from django-oauth-toolkit from JS:
async function getToken () {
let res = await fetch("https://<your_domain>/o/token/", {
body: new URLSearchParams({
grant_type: 'password',
username: '<user_name>',
password: '<user_pass>',
client_id: '<client_app_id>',
client_secret: '<client_pass>'
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
method: "POST"
})
return res.json();
}
console.log(await getToken());
Your client application authorisation grant type should be: "Resource owner password-based"
P.S. I've failed to get token via "Content-Type": "application/json", not sure why (django-oauth-toolkit documentation says nothing about that).