{"error": "invalid_client"} #52
Comments
Hi @lucacorti The problem is that you should escape all special chars and wrap the auth string in double quotes, since our token generator includes characters like space, ", $. For example, if your client_id is Documentation is missing this information; also we need to improve this step in the tutorial and make it simpler, because users shouldn't deal with this stuff while learning how to use our library. I'll work on that asap. Meanwhile, you should try the tutorial again, changing Step 3: instead of our generated client_id and client_secret, try setting your own using a safe set of characters that don't need to be escaped, for instance "test:test". Thanks for reporting 😄
I'm not sure this is the real issue. I've also tried to obtain the token via AFNetworking with similar results. Unfortunately I'm not able to perform further tests since I was in a hurry and had to use a different system to get it working. Thanks, Luca
I experienced a similar problem creating a server application with type=confidential, grant_type=authorization-code via the application web interface. Then I modified an existing web application written in passport-oauth2, which successfully authenticated with the django-oauth2-provider mentioned in django-rest-framework, and tried to authenticate against a server integrated with django-oauth-toolkit. I traced the server code to line 57 of oauth2_validators.py, to the condition "request.client.client_type != Application.CLIENT_CONFIDENTIAL". According to section 3.2.1 of the RFC, the application type should be confidential instead of other than confidential. I would like to know if the condition could be rewritten as "request.client.client_type == Application.CLIENT_CONFIDENTIAL". Please clarify. Thanks,
@lucacorti I can add some information to the debug logger output to see what's in the Authorization Basic header. That way we could understand if the authorization credentials are passed in correctly. What do you think?
Hi @twhtanghk the condition "request.client.client_type != Application.CLIENT_CONFIDENTIAL" is correct. Method Could you please add more details so we can identify what is the problem in your authentication process? I will add more debug output in
@twhtanghk @lucacorti @twhtanghk
@synasius In the debug log I posted earlier, you can see:
the user is correct. If you base64 decode the Authorization basic header you will find:
Which I double checked with the client id and secret in the admin. Basically I just installed django-oauth2-toolkit, set up the client application in the admin following the tutorial instructions and used curl as per the docs to make the call to obtain a token. Nothing fancy, I think you can reproduce this fairly easily. Unfortunately I'm not able to perform further tests right now. Do you need any more information? Thanks, Luca
Can you please check if the Authorization Grant Type in the Application is set to "Resource Owner password-based"?
@synasius Yes, it was, as per the tutorial.
@lucacorti first of all, thanks for the time you're spending on this! We appreciate it, really. I went through the tutorial several times but I couldn't replicate the problem. It always works for me. At this point you can:

```python
LOGGING = {
    'version': 1,
    # ...
    'handlers': {
        # ...
        'console': {
            'level': 'DEBUG',
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        # ....
        'oauthlib': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': True,
        },
    },
}
```
Hey, I put up a test DOT instance on heroku. Can you please check if it's working for you?
Seems to be working...
Ok, I set up a test environment and the logging as you suggested, I now get this error on the console:
Of course if I change clientid/secret to something naïve the client authenticates:
So this really seems an issue with quoting on the oauthlib/oauth-toolkit side.
Without modifying the condition, the flow is listed below. Any idea why the authorization request is not going through with the type=confidential, grant_type=authorization-code scheme?
HTTP/1.0 200 OK
HTTP/1.0 302 FOUND
HTTP/1.1 500 Internal Server Error
Thanks
@lucacorti @twhtanghk
@synasius I'm sending a pull request. The RFC says the client should urlencode the client_id/secret, but you are not urldecoding it. I think this is a bug.
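An added illustration (not code from the thread or from django-oauth-toolkit) of the encoding step the pull request above refers to: RFC 6749 section 2.3.1 has the client form-urlencode client_id and client_secret before joining them with ":" and base64-encoding them for HTTP Basic, and the server must reverse that. The sample credentials are constructed; the `urldecode` flag is an assumption used here to show what a server that skips the decoding step would compare against.

```python
# Added example: building and parsing an RFC 6749 2.3.1 Basic client-auth header.
import base64
from urllib.parse import quote_plus, unquote_plus


def build_basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return the Authorization header value for the given client credentials."""
    # Form-urlencode each part first so ':', '"', '$' and spaces survive the
    # "id:secret" join; the colon in the secret below would otherwise break it.
    credentials = quote_plus(client_id) + ":" + quote_plus(client_secret)
    return "Basic " + base64.b64encode(credentials.encode("ascii")).decode("ascii")


def parse_basic_auth_header(header_value: str, urldecode: bool = True):
    """Recover (client_id, client_secret) from a Basic header, or None if malformed.

    urldecode=False (an assumption for illustration) models a server that
    forgets the form-urldecoding step and therefore compares the still
    percent-encoded secret against the stored one, yielding "invalid_client".
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if ":" not in raw:
        return None
    client_id, _, client_secret = raw.partition(":")
    if not urldecode:
        return client_id, client_secret
    return unquote_plus(client_id), unquote_plus(client_secret)


# Constructed sample credentials containing characters that need escaping.
SAMPLE_ID = 'abc "$x'
SAMPLE_SECRET = "s3cr:et $"

if __name__ == "__main__":
    header = build_basic_auth_header(SAMPLE_ID, SAMPLE_SECRET)
    print(header)
    print(parse_basic_auth_header(header))                  # decoded correctly
    print(parse_basic_auth_header(header, urldecode=False)) # what a buggy server sees
```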
Just a small comment here. I had the same problem with the "invalid client" response, but this was due to me running the app on Apache, not on the internal server provided by Django Rest Framework. In Apache I needed to turn on "WSGIPassAuthorization On" to have the right headers passed.
@twolff-iow thanks for your comment, I had the same problem on my apache. Problem solved with "WSGIPassAuthorization On". Thank you!
@twolff-iow that caught me as well, thanks for the tip! It would be great if that was added to the documentation somewhere.
@ghost that solved my problem, thanks!
@ghost, thanks for the comment. Solved my issue.
Really frustrated with this. None of those are working, even on my local host.
@prahlad1989 Please take a look at #1161 to see if this helps. There are two breaking changes with release 2.0.0:
Some fixes and documentation improvements have been merged into the master branch which will help once released. Just waiting on a couple of PRs to be merged.
Hello,
I'm following the tutorial for Django Rest Framework. I set up my application in the admin and I'm sending a POST request just like in the tutorial, but I always get
as a response: