OAuth2.0 - client_credentials error: The request body must contain the following parameter: 'grant_type' #1938

Closed
quaggyzombie opened this issue Mar 27, 2024 · 5 comments · Fixed by #2039

@quaggyzombie

When I use OAuth2 with client_credentials, I get the following error:

{
  "error": "invalid_request",
  "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'. Trace ID: 325b873b-08a3-4b23-b002-650f1f00f700 Correlation ID: 8d8f1825-b12e-468b-8c67-f686e9b46383 Timestamp: 2024-03-27 09:22:23Z",
  "error_codes": [
    900144
  ],
  "timestamp": "2024-03-27 09:22:23Z",
  "trace_id": "325b873b-08a3-4b23-b002-650f1f00f700",
  "correlation_id": "8d8f1825-b12e-468b-8c67-f686e9b46383",
  "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

This is replicated if I click on "Get Access Token" or when sending the request.

Same details work absolutely fine with Postman.

@elsewhat

elsewhat commented Apr 4, 2024

Also testing against Microsoft Azure AD / Entra Id and get a similar error with version 1.12.3 of Bruno
AADSTS900144: The request body must contain the following parameter: 'client_id'.

Likely caused by Bruno sending the request body payload for client_credentials with content-type application/json.

RFC6749 - The OAuth 2.0 Authorization Framework expects the content type to be application/x-www-form-urlencoded ref https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2

MS Azure AD/Entra ID follows the standard only and expects application/x-www-form-urlencoded as content-type
ref https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret

Likely needs adjustment in

case 'client_credentials':
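
The two body encodings discussed in the comment above, as an added example (not Bruno's code and not part of the original thread). The tenant placeholder, the sample credentials and the `missingParameters` stand-in, which reads the body only as form data for the shared-secret variant of the request, are assumptions made for illustration.

```javascript
// Added example. Tenant placeholder and credentials below are constructed.
const TOKEN_URL = 'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token';
const REQUIRED = ['grant_type', 'client_id', 'client_secret'];
const SAMPLE = {
  clientId: '00000000-0000-0000-0000-000000000000',
  clientSecret: 'p+ss&wd=1/x', // reserved characters on purpose
  scope: 'https://graph.microsoft.com/.default'
};

// Parameters of a client_credentials grant sent with a shared secret.
function grantParams({ clientId, clientSecret, scope }) {
  const params = {
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret
  };
  if (scope) params.scope = scope; // scope is optional in RFC 6749
  return params;
}

// RFC 6749 section 4.4.2 shape: POST with a form-urlencoded body.
function buildFormTokenRequest(creds) {
  return {
    method: 'POST',
    url: TOKEN_URL,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(grantParams(creds)).toString()
  };
}

// Same parameters serialized as JSON, the encoding suspected in the comment.
function buildJsonTokenRequest(creds) {
  return {
    method: 'POST',
    url: TOKEN_URL,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(grantParams(creds))
  };
}

// Hypothetical stand-in for an endpoint that parses the body as form data
// only: returns the required parameters it cannot find.
function missingParameters(request) {
  const form = new URLSearchParams(request.body);
  return REQUIRED.filter((name) => !form.get(name));
}

console.log('form body missing:', missingParameters(buildFormTokenRequest(SAMPLE)));
console.log('json body missing:', missingParameters(buildJsonTokenRequest(SAMPLE)));
```

The form body also percent-encodes the reserved characters in the secret, so the value survives parsing unchanged.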

@quaggyzombie
Author

> Also testing against Microsoft Azure AD / Entra Id and get a similar error with version 1.12.3 of Bruno AADSTS900144: The request body must contain the following parameter: 'client_id'.
>
> Likely caused by Bruno sending the request body payload for client_credentials with content-type application/json.
>
> RFC6749 - The OAuth 2.0 Authorization Framework expects the content type to be application/x-www-form-urlencoded ref https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
>
> MS Azure AD/Entra ID follows the standard only and expects application/x-www-form-urlencoded as content-type ref https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret
>
> Likely needs adjustment in
>
> case 'client_credentials':

Yes, this seems to be the issue. I tried replicating these scenarios directly. Can +1 this.

@helloanoop
Contributor

This will go out in the 1.13.0 release. Please subscribe to Discord announcement channel to stay notified on the releases.

@helloanoop helloanoop reopened this Apr 9, 2024
@quaggyzombie
Author

Using the 1.13.0 version, it still seems to be giving an error. Even though I click the "Get Access Token" button, still the Timeline shows the data being sent to the Request URL (Not the Access Token URL) as json, but with the client ID and secret instead, which should be sent as a GET to the Access token URL and then the token generated should be sent to the Request URL instead of what is seemingly happening.

@anusree-bruno
Collaborator

This has been added. Closing the ticket
