Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when sending post request to V2 OAuth with URL safe Base64 encoded client:key #75

Closed
JakeChely opened this issue Nov 6, 2021 · 4 comments
Closed

Error when sending post request to V2 OAuth with URL safe Base64 encoded client:key #75

JakeChely opened this issue Nov 6, 2021 · 4 comments

Comments

@JakeChely
Copy link

Description

Hi.
My Base64 encoded ClientId:key looks like this one : Y2xpZW50OmtleQ==
Its URL safe Base64 version is : Y2xpZW50OmtleQ
The padding is removed since the = character is not URL safe.

The SSO documentation about OAuth 2.0 at step 5 :

Create a URL safe Base64 encoded string where the contents before encoding are your application's client ID, followed by a :, followed by your application's secret key (e.g. URL safe Base64(<client_id>:<secret_key>)).

  • You will need to send the following HTTP headers (replace anything between <>, including <>):
    • Authorization: Basic <URL safe Base64 encoded credentials>
    • Content-Type: application/x-www-form-urlencoded
    • Host: login.eveonline.com

When sending a POST request to https://login.eveonline.com/v2/oauth/token with <URL safe Base64 encoded credentials>, I get the following error :

{
    "error": "invalid_grant",
    "error_description": "Grant type authorization_code is not supported."
}

When sending the exact same request but with <Base64 encoded credentials> instead, so not URL safe, it works and I get a valid token.

It seems like the padding and the missing == is the issue.

Reproduction Steps

  1. Find a clientID:secretKey combination which has extra padding when Base64 encoded.
  2. URL safe Base64 encode the combination (so with no = at the end).
  3. Send the POST request to https://login.eveonline.com/v2/oauth/token following the instructions at step 5 in the SSO documentation about OAuth 2.0.

Actual Behaviour

Returns the error :

{
    "error": "invalid_grant",
    "error_description": "Grant type authorization_code is not supported."
}

Expected Behaviour

Returns a valid token.
@jdtech3
Copy link

jdtech3 commented Dec 18, 2021

I can second this... having spent the last 45 minutes getting confused by this and the misleading error message.

@warlof
Copy link

warlof commented Dec 18, 2021

Or at least a related error message 😂

@dkozatc
Copy link

dkozatc commented Jan 28, 2022

Any updates about this one?

@Blacksmoke16 Blacksmoke16 mentioned this issue Mar 19, 2022
Merged
@stebet
Copy link
Contributor

stebet commented Mar 30, 2022
edited

Closing this ticket since it has been clarified in the docs. Atuh headers are not supposed to be URL Safe Base64.

@stebet stebet closed this as completed Mar 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@warlof @stebet @dkozatc @jdtech3 @JakeChely