I'm following OAuth2 provider tutorial. After setting up everthing correctly, I'm getting this error.
Invalid Credentials given
What am I doing wrong with request? I checked my username and password but it's 100% valid.
curl -X POST -d "grant_type=password&username=admin&password=j1357924680"
-u"TEAfdIRw5cE664Pd4X31wuD7y08er8Suim3SdZsr:dI65CQwo9glm9LN63twmqDSY2DHR9bbPqlSEIwktaOzMfAS7sSFirzCKi9enogNZmyHjqQeIYIqtwKY6RIUC7Lto22s4vDtB0Y7F5unffLdktHXPyPn7j593IAeHfTDp"
http://localhost:8000/o/token/
(If you want to see its actual source code) https://github.com/jbaek7023/DRFOAuth2
OAuth2 is very complicating
Related
I want to implement OpenID connect in my project.
So I started using Django Oauth Toolkit.
I was able to make the changes in Dajango Rest framework menu and was able to test the Resource owner password-based flow using the curl command
curl -X POST -d "grant_type=password&username=<user_name>&password=<password>" -u"<client_id>:<client_secret>" http://localhost:8000/o/token/
After that I made all the changes as mentioned in the OpenId Connect menu.
I have
Generated RSA private key
Added the changes as mentioned in the documentation
Then I registered applications for each flow as mentioned in the documentation.
Then the problem arise. I tried testing these flows the same way I tested Resource owner password-based flow
eg:
For Authorization code flow
curl -X POST -d "grant_type=password&username=user&password=aryan123&scope=openid" -u "rwOah6DU7PXPbpE7CWVokh16YeMIFsPCE4zv1ZUk:5p186YD3Wvf0nMz4bfXd9UJXbQnACMfpVzHwJ6AuneoPqnjJuoPUz4CiEM653gUIhCOMtV96Yymr1kLnAimdyfxWZMP2hOzslEH9kMpfoqyOorwviY8f1rs1BqcTSUtn" http://localhost:8000/o/token/
I'm getting the error:
{
"error": "invalid_grant",
"error_description": "Invalid credentials given."
}
For Implicit Flow
curl -X POST -d "grant_type=password&username=user&password=aryan123&scope=openid&response_type=id_token" -u "qKgH4Bx5QzOdSdRo5h7vUSpSaivHk0SaccMa0coH:DyNdcoS52JuanNhjjqqbRnemGaq27sQrwa43C6ieYahxCdHYXXJt4Y5ZdwXVbNZdZmt89XoAJ7kBuFoDZanZvhCCza3WMLWlCwSy5qv09W1QyJsLmTEGUzRHkytU21s1" http://localhost:8000/o/token/
I'm getting the error:
{
"error": "invalid_grant",
"error_description": "Invalid credentials given."
}
For Hybrid flow
curl -X POST -d "grant_type=password&username=user&password=aryan123" -u "YpKesUZnxyvOysKje4H2NNFhs45roO8z0SBu58Y5:Yf2IAsMRoLCbLrEUHsgPByLLnmFrNYPvqtYXuaZAJV5HbHioFZtbsTzh6Oj1W7jgWOKVU0PLsUwBPO0j5y7fhOLbUFiH2X9ZhdnQ3wJ7KxFOjTHYu2Cd52IxGO7U3iF3" http://localhost:8000/o/token/
I'm getting the error:
{
"error": "invalid_grant",
"error_description": "Invalid credentials given."
}
For the development purpose I have generated the private key and stored it in a python file itself like this
Note: The private key had some spaces and i removed it due to error
I'm confused about the parameters that needs to be passed in the curl. Maybe that's the problem or something else, which I'm not able to identify
Need your insight on this one.
Thanks...
I perform below steps to create an access token. but getting error {"error": "invalid_client"}
go to this link http://<ip_address>:/o/applications/
fill form to register your application
enter below command in CMD
curl -X POST -d "grant_type=password&username=<user_name>&password=" -u"<client_id>:<client_secret>" http://<ip_address>:/o/token/
Also, I installed required libraries for access token help of this https://django-oauth-toolkit.readthedocs.io/en/latest/rest-framework/getting_started.html
Image of error attached below
Error I am getting
you use hashed client secret now, you must use the clear client secret before you save your new application in the web interface
I am trying to get setup so that I can view my Nest equipment on my home automation system. Now with the Google Device Access, I have multiple steps that must be completed. I have created the project in Device Access. I setup the OAuth2 credentials. I enabled the api in the Google Cloud Portal. I "linked" the account / OAuth2 cred to my project to get the "authorization-code".
Now I am failing to "Get an Access Token".
When I try to use Google's Template and fill in the OAuth2-Client-ID, OAuth-Client-Secret and Authorization Code, the copy/paste it into a terminal session, I get: "curl: (3) URL using bad/illegal format or missing URL".
If instead I create my curl statement myself, using the data, I get '{
"error": "invalid_client",
"error_description": "Unauthorized"
}'
How do I get to the next step to get an Access Token?
I just had the same problem. The curl command automatically generated on the Google instruction page https://developers.google.com/nest/device-access/authorize did not work.
From Google (and not working) :-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?
client_id=oauth2-client-id&
client_secret=oauth2-client-secret&
code=authorization-code&
grant_type=authorization_code&
redirect_uri=https://www.google.com'
This did work:-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?' -d 'client_id=oauth2-client-id' -d 'client_secret=oauth2-client-secret' -d 'code=authorization-code' -d 'grant_type=authorization_code' -d 'redirect_uri=https://www.google.com'
Just replace oauth2-client-id, oauth2-client-secret, authorization-code with your values.
If the requested access token is not passed back to you and you get this response instead :-
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
This means the authorisation code has been used or has been passed in a request that failed and you need to regenerate the device authorisation code - the authorisation_code in the curl request - using the same process you followed to get it the first time.
Hello I am using below rest api commamd to create a service account key in GCP. Running the command from cloud shell though not sure doing it correctly.
curl POST https://iam.googleapis.com/v1/projects/project_iD/serviceAccounts/serviceaccountID.iam.gserviceaccount.com/keys?key=key generated by API Key credentials
I am a service account admin but when I run this command in cloud shell I get below error. Idealy I have all access for service account still says list permisssion is required. Can anybody help?
curl: (6) Could not resolve host: POST { "error": { "code": 403, "message": "Permission iam.serviceAccountKeys.list is required to perform this operation on service account projects/pserviceaccountID#dev.iam.gserviceaccount.com.", "status": "PERMISSION_DENIED" } }
There are two parts to your error. The first:
curl: (6) Could not resolve host: POST
Is telling you that the curl command cannot look up the hostname "POST" because you omitted the -X parameter, the first part of your command should read:
curl -X POST
Next, the URL you have is not quite the right format, as there should be no URL parameters (in this case the ?key=key portion), as it is a POST request -- the parameters from the API would be included in the body of the request.
However, I suspect even in that case you will have a permission denied error, as curl will not manage the oauth authentication and authorization that is necessary for this request to work -- you're effectively appearing to the API as unauthenticated. I'd recommend in this case that you use one of the client libraries to do the request, or use the gcloud command directly instead of curl. These will both greatly simplify the management of the authentication.
There are examples in C#, Go, Node, Python and others in the documentation for the API itself, take a look here: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/create
The documentation for using gcloud to accomplish this is here: https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-gcloud
That said, if you really want to do this with curl from cloud shell (where you have an authenticated gcloud session) this is the sequence of commands you need:
ACCESS_TOKEN="$(gcloud auth print-access-token)"
curl -X POST --header "Authorization: Bearer ${ACCESS_TOKEN}" \
https://iam.googleapis.com/v1/projects/PROJECTID/serviceAccounts/SERVICEACCOUNTNAME#PROJECTID.iam.gserviceaccount.com/keys
If you aren't on a cloud shell machine, you need to make sure you have gcloud auth first:
gcloud auth login
It looks like your service account that's making the request doesn’t have the required permissions. You should either give the SA the required IAM roles described in [1], or you can use your own user by doing gcloud auth login user#email.com to make the call.
You’ll also need the Service Account Key Admin, as SA Admin doesn’t have iam.serviceAccountKeys.list [2].
[1] https://cloud.google.com/iam/docs/creating-managing-service-account-keys#required_permissions
[2] https://cloud.google.com/iam/docs/permissions-reference
Im using django-oauth2-provider to build a authorization server. When i try to get access_token by using this command:
curl -d "client_id=513204402d4b4f4d62e2&grant_type=authorization_code&response_type=code" http://127.0.0.1:8000/oauth2/access_token
i get an error: invalid_client
I have been created my client with client_type is Confidential
How can i fix it?
If your client is confidential, you must authenticate to issue an access token.
I suppose that it is a password client. You just have to add the client_secret=CLIENT_SECRET_HERE parameter in your POST request or set your client credentials in the authorization header.
Example:
curl -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&...
or
curl --user CLIENT_ID_HERE:CLIENT_SECRET_HERE -d "...
The authorization code grant type is a two step flow.
You get an authorization code just after the resource owner allowed your client.
You get an access token using the authorization code.
You are trying to send a POST request so I suppose that if you already have an authorization code.
You get an invalid_request because you do not set the code parameter in your curl command:
curl -X POST -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&grant_type=authorization_code&code=AUTHORIZATION_CODE_HERE&redirect_uri=REDIRECT_URI_HERE" http://127.0.0.1:8000/oauth2/access_token