OAuth Get Token

donjus · June 14, 2022, 5:51pm

Hi,
i am currently implementing an oauth client using indico applications.
I was able to retrieve a code using the authorize url.
But now i am struggling to exchange this code to an access token.
For testing purposes i am using postman.
I am posting to the access token URL, with the correct grant_type and the code attached to the request.
Problem is that i am getting a 401 with an error saying invalid client.
Do i have to provide more parameters to request such as the client secret and if so how should the parameter look like.

Thanks in advance

ThiefMaster · June 14, 2022, 6:04pm

It’s standard oauth - so simply following the spec (or using an oauth client library) would be the easiest option.

If you manually send requests please include what you send. 401 sounds like you are not authenticating the token request using client id and secret…

donjus · June 14, 2022, 6:10pm

Yes thats the thing.

I am posting to accesstokenroute/?grant_type=authorization_code&code={code}.

I am not quite sure about the authorization header which i am sending.
Currently its “authorization”: “BASIC {client_secret}”

Am i missing something or is basic wrong in this place?

ThiefMaster · June 14, 2022, 6:14pm

http -f post https://indico3.mydevserver/oauth/token 'grant_type=authorization_code' 'client_id=XXX' 'client_secret=YYY' 'redirect_uri=https://XYZ' 'code=ZZZ'

This is what I used during development. So everything is sent via POST fields - nothing in HTTP auth.

donjus · June 14, 2022, 6:28pm

Thank you. That worked. Had something messed up with redirect_uri