Authentication failure! invalid_credentials

[igorrfc]

I'm trying to create a rails client authentication for a rails API. But i'm getting an error like the returned on the issue #732.The solution of this issue dont works for me.

CLIENT LOG:

`Started GET "/" for 127.0.0.1 at 2016-05-02 09:09:01 -0300
ActiveRecord::SchemaMigration Load (0.1ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by HomeController#index as HTML
Rendered home/index.html.erb within layouts/application (1.0ms)
Completed 200 OK in 200ms (Views: 191.8ms | ActiveRecord: 0.0ms)

Started GET "/users/auth/meta_auth" for 127.0.0.1 at 2016-05-02 09:09:04 -0300
I, [2016-05-02T09:09:04.392655 #5893] INFO -- omniauth: (meta_auth) Request phase initiated.

Started GET "/users/auth/meta_auth" for 127.0.0.1 at 2016-05-02 09:09:04 -0300
I, [2016-05-02T09:09:04.511025 #5893] INFO -- omniauth: (meta_auth) Request phase initiated.

Started GET "/users/auth/meta_auth/callback?code=67d732c540266fd3f7bd0e976f8464005fe0cdc1b143c255b1229039449221ed&state=9077da5b9d65211b4b8333858bb59ffaa0b7841e1e09970d" for 127.0.0.1 at 2016-05-02 09:09:04 -0300
I, [2016-05-02T09:09:04.671596 #5893] INFO -- omniauth: (meta_auth) Callback phase initiated.
I, [2016-05-02T09:09:04.822931 #5893] INFO -- omniauth: (meta_auth) Callback phase initiated.
E, [2016-05-02T09:09:04.831480 #5893] ERROR -- omniauth: (meta_auth) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"code"=>"67d732c540266fd3f7bd0e976f8464005fe0cdc1b143c255b1229039449221ed", "state"=>"9077da5b9d65211b4b8333858bb59ffaa0b7841e1e09970d"}
Redirected to http://localhost:4000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
`

PROVIDER LOG:
`Started OPTIONS "/oauth/authorize?client_id=c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Fusers%2Fauth%2Fmeta_auth%2Fcallback&response_type=code&state=fa7ebd5415bd33c3f8f6f6daef0aa786839586e7bb2c07aa" for 127.0.0.1 at 2016-05-02 09:09:38 -0300
ActiveRecord::SchemaMigration Load (0.1ms) SELECT "schema_migrations".* FROM "schema_migrations"

ActionController::RoutingError (No route matches [OPTIONS] "/oauth/authorize"):
actionpack (4.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:21:in call' web-console (2.3.0) lib/web_console/middleware.rb:28:inblock in call'
web-console (2.3.0) lib/web_console/middleware.rb:18:in catch' web-console (2.3.0) lib/web_console/middleware.rb:18:incall'
actionpack (4.2.6) lib/action_dispatch/middleware/show_exceptions.rb:30:in call' railties (4.2.6) lib/rails/rack/logger.rb:38:incall_app'
railties (4.2.6) lib/rails/rack/logger.rb:20:in block in call' activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:inblock in tagged'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:26:in tagged' activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:intagged'
railties (4.2.6) lib/rails/rack/logger.rb:20:in call' actionpack (4.2.6) lib/action_dispatch/middleware/request_id.rb:21:incall'
rack (1.6.4) lib/rack/methodoverride.rb:22:in call' rack (1.6.4) lib/rack/runtime.rb:18:incall'
activesupport (4.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in call' rack (1.6.4) lib/rack/lock.rb:17:incall'
actionpack (4.2.6) lib/action_dispatch/middleware/static.rb:120:in call' rack (1.6.4) lib/rack/sendfile.rb:113:incall'
railties (4.2.6) lib/rails/engine.rb:518:in call' railties (4.2.6) lib/rails/application.rb:165:incall'
rack (1.6.4) lib/rack/lock.rb:17:in call' rack (1.6.4) lib/rack/content_length.rb:15:incall'
rack (1.6.4) lib/rack/handler/webrick.rb:88:in service' /home/wandeson/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/webrick/httpserver.rb:140:inservice'
/home/wandeson/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/webrick/httpserver.rb:96:in run' /home/wandeson/.rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/webrick/server.rb:296:inblock in start_thread'

Started GET "/oauth/authorize?client_id=c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Fusers%2Fauth%2Fmeta_auth%2Fcallback&response_type=code&state=d8f1cad0eeb9594edd6f93b46607102b42bc969a61e55fcd" for 127.0.0.1 at 2016-05-02 09:09:38 -0300
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d", "redirect_uri"=>"http://localhost:4000/users/auth/meta_auth/callback", "response_type"=>"code", "state"=>"d8f1cad0eeb9594edd6f93b46607102b42bc969a61e55fcd"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Doorkeeper::Application Load (0.1ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = ? LIMIT 1 [["uid", "c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d"]]
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Doorkeeper::AccessToken Load (0.2ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = ? AND "oauth_access_tokens"."resource_owner_id" = ? AND "oauth_access_tokens"."revoked_at" IS NULL ORDER BY created_at desc LIMIT 1 [["application_id", 1], ["resource_owner_id", 1]]
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 ["id", 1] begin transaction
Doorkeeper::AccessGrant Exists (0.1ms) SELECT 1 AS one FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = '0d09935fbd3133f0b7adca5302025c979cdd70ccc8e4f89119ef6061b1dd887b' LIMIT 1
SQL (0.3ms) INSERT INTO "oauth_access_grants" ("application_id", "resource_owner_id", "expires_in", "redirect_uri", "scopes", "token", "created_at") VALUES (?, ?, ?, ?, ?, ?, ?) ["application_id", 1], ["resource_owner_id", 1], ["expires_in", 600], ["redirect_uri", "http://localhost:4000/users/auth/meta_auth/callback"], ["scopes", ""], ["token", "0d09935fbd3133f0b7adca5302025c979cdd70ccc8e4f89119ef6061b1dd887b"], ["created_at", "2016-05-02 12:09:38.868185"] commit transaction
Redirected to http://localhost:4000/users/auth/meta_auth/callback?code=0d09935fbd3133f0b7adca5302025c979cdd70ccc8e4f89119ef6061b1dd887b&state=d8f1cad0eeb9594edd6f93b46607102b42bc969a61e55fcd
Completed 302 Found in 167ms (ActiveRecord: 118.0ms)

Started POST "/oauth/token" for 127.0.0.1 at 2016-05-02 09:09:39 -0300
Processing by Doorkeeper::TokensController#create as /
Parameters: {"client_id"=>"c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d", "client_secret"=>"[FILTERED]", "code"=>"[FILTERED]", "grant_type"=>"authorization_code", "redirect_uri"=>"http://localhost:4000/users/auth/meta_auth/callback"}
Doorkeeper::AccessGrant Load (0.2ms) SELECT "oauth_access_grants".* FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = ? LIMIT 1 [["token", "0d09935fbd3133f0b7adca5302025c979cdd70ccc8e4f89119ef6061b1dd887b"]]
Doorkeeper::Application Load (0.2ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = ? AND "oauth_applications"."secret" = ? LIMIT 1 ["uid", "c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d"], ["secret", "4aa072dd51c91af7c625dbc370c3d59fb0f0633561700ad5287b6c11f03a86e9"] begin transaction
Doorkeeper::AccessGrant Load (0.2ms) SELECT "oauth_access_grants".* FROM "oauth_access_grants" WHERE "oauth_access_grants"."id" = ? LIMIT 1 [["id", 25]]
SQL (0.2ms) UPDATE "oauth_access_grants" SET "revoked_at" = ? WHERE "oauth_access_grants"."id" = ? [["revoked_at", "2016-05-02 12:09:39.022441"], ["id", 25]]
Doorkeeper::Application Load (0.1ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."id" = ? LIMIT 1 [["id", 1]]
CACHE (0.0ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."id" = ? LIMIT 1 [["id", 1]]
Doorkeeper::AccessToken Exists (0.1ms) SELECT 1 AS one FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = '30f610ea13e8e076214d80dcac87cfb4b2ce4e9638489263d86b9260793368d0' LIMIT 1
SQL (0.1ms) INSERT INTO "oauth_access_tokens" ("application_id", "resource_owner_id", "scopes", "expires_in", "token", "created_at") VALUES (?, ?, ?, ?, ?, ?) ["application_id", 1], ["resource_owner_id", 1], ["scopes", ""], ["expires_in", 7200], ["token", "30f610ea13e8e076214d80dcac87cfb4b2ce4e9638489263d86b9260793368d0"], ["created_at", "2016-05-02 12:09:39.040851"] commit transaction
Completed 200 OK in 180ms

Started GET "/api/v1/me.json" for 127.0.0.1 at 2016-05-02 09:09:39 -0300
Processing by Api::V1::CredentialsController#me as JSON
Doorkeeper::AccessToken Load (0.6ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = ? LIMIT 1 [["token", "30f610ea13e8e076214d80dcac87cfb4b2ce4e9638489263d86b9260793368d0"]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 8ms (Views: 0.9ms | ActiveRecord: 0.6ms)

Started POST "/oauth/token" for 127.0.0.1 at 2016-05-02 09:09:39 -0300
Processing by Doorkeeper::TokensController#create as /
Parameters: {"client_id"=>"c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d", "client_secret"=>"[FILTERED]", "code"=>"[FILTERED]", "grant_type"=>"authorization_code", "redirect_uri"=>"http://localhost:4000/users/auth/meta_auth/callback"}
Doorkeeper::AccessGrant Load (0.2ms) SELECT "oauth_access_grants".* FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = ? LIMIT 1 [["token", "0d09935fbd3133f0b7adca5302025c979cdd70ccc8e4f89119ef6061b1dd887b"]]
Doorkeeper::Application Load (0.1ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = ? AND "oauth_applications"."secret" = ? LIMIT 1 [["uid", "c848747020b18c615bbb23c3d3d13fbf3678c31d7ad92b4d8e0b4ab83238ba2d"], ["secret", "4aa072dd51c91af7c625dbc370c3d59fb0f0633561700ad5287b6c11f03a86e9"]]
Completed 401 Unauthorized in 4ms

`

[igorrfc]

My bad, guys. I was starting two calls for my strategie. Sorry.

[sachin-metacube]

@igorrfc can you explain what was the fix?

[itsNikolay]

@sachin-metacube
I got the error during:

❯ curl \
 -X POST \
 -d 'grant_type=password&email=user@example.com&password=yourpassword' \
localhost:3000/oauth/token

{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}% 

So I just updated my user with:

User.first.update! email: 'user@example.com', password: 'yourpassword'

and it passed:

❯ curl \
 -X POST \
 -d 'grant_type=password&email=user@example.com&password=yourpassword' localhost:3000/oauth/token

{"access_token":"57ad572c0b24cf10a7a5b138deff7f38d5b65b410b956a9cff423cc7e390a48a","token_type":"bearer","expires_in":7200,"refresh_token":"6597485e9a3bf06486e6c6f3ed732d1b03bf8fa9b683089ea1f047253751b4aa","created_at":1525126985}%