Post - grant type as client credential

As per my requirement, I have to send a POST request to get the token.

I have created the policy and proxy. Based on the current code, see the curl commands below.

curl -X POST -H 'Accept: */*' \
  -H 'Clientid: ****' \
  -H 'ClientSecret: ***' \
  -H 'Content-Length: 4' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic Mk6SG9tZWRhbWFnZTE=' \
  -H 'X-Amzn-Trace-Id: Root=1-60ad4854-5f385f266496a91452c1cfb9' \
  -H 'X-Forwarded-For: 10.233.71.113' \
  -H 'X-Forwarded-Port: 443' \
  -H 'X-Forwarded-Proto: https' 'https://XXXXXXX'

But I have written the curl command manually to connect to the REST API.

curl -X POST \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials' 'https://staging.symbility.net/rest-api/authentication/token' \
  -H 'Authorization: Basic Mk6SG9tZWRhbWFnZTE=' \
  -H 'Clientid: ****' \
  -H 'ClientSecret: *****' \
  -H 'Accept: */*' \
  -H 'X-Amzn-Trace-Id: Root=1-60abf344-4b25125e5a2a2ad5255e33c5' \
  -H 'X-Forwarded-For: 10.233.71.81' \
  -H 'X-Forwarded-Port: 443' \
  -H 'X-Forwarded-Proto: https' 'https://xxxxxxx'

How do I populate the grant type in the request body content?

In Apigee Edge:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth2-GT">
  <DisplayName>OAuth2-GT</DisplayName>
  <Properties/>
  <Attributes/>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAccessToken</Operation>
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <GrantType>grant_type</GrantType>
  <client_id>Username</client_id>
  <client_secret>Password</client_secret>
  <GenerateResponse enabled="true"/>
  <Tokens/>
</OAuthV2>

I don't know how to give the client id, client secret and grant type in the request body.

Second question:

Is Content-Length required?

If not, how do I remove the Content-Length from Apigee Edge?

ACCEPTED SOLUTION

You don't need username and password in client credentials, so you should remove those. You can use the below code for token generation of client credentials grant type.

<OAuthV2 name="GetAccessToken">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>3600000</ExpiresIn>
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <GenerateResponse/>
</OAuthV2>

And your request should be something like the one below.

curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X POST 'https://docs-test.apigee.net/oauth/accesstoken' -d 'grant_type=client_credentials' -H 'Authorization: Basic c3FIOG9vSGV4VHo4QzAySVgT1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ'


After I altered the above code, I'm getting the error code: 401 Unauthorized.

401 means your Authorization header value is incorrect.

If that is correct, can you share the error body message?

{"ErrorCode" : "invalid_client", "Error" :"ClientId is Invalid"}

This is the Basic Auth code:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="BasicAuthentication">
  <DisplayName>Basic Authentication</DisplayName>
  <Operation>Encode</Operation>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <User ref="request.header.Clientid"/>
  <Password ref="request.header.ClientSecret"/>
  <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

I'm seeing the Authorization value as "****", which looks like it is encoded. For testing purposes, I assigned the value to another variable, "request.header.APIAuthorization", and I'm able to see the value "basic xxxxxxx".

Not sure why I'm getting the 401 error.

First of all, for the client credentials grant type you do not need to use the Basic Authentication policy. You can directly send the Authorization header with Basic <base64encodedvalue>.

If you are using Basic Authentication encode, that is also not wrong. Just check whether your "basic" is written with b or B. B is the correct one.

After that, if you still see the same error, decode that value and check whether what you sent is the same, or whether there is a space or anything else in it.

Next, if you are still seeing the same error, check whether the proxy is added to the product that is registered with the particular developer app whose client id you are using.
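
The header checks suggested in the last reply (capital "B" in the scheme, decode the value, look for stray spaces, compare the client id) can be scripted. The following is an added example, not part of the original thread or of Apigee; the function names are hypothetical and the key and secret are constructed sample values.

```python
import base64
import binascii


def build_basic_header(client_id, client_secret):
    """Return 'Basic <base64(client_id:client_secret)>' for the Authorization header."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def diagnose_basic_header(header, expected_client_id):
    """Return a list of problems in an Authorization header value (empty = looks fine)."""
    problems = []
    scheme, sep, token = header.partition(" ")
    if scheme != "Basic":
        problems.append(f"scheme is {scheme!r}, expected 'Basic' with a capital B")
    if not sep or not token:
        return problems + ["no base64 value after the scheme"]
    if token != token.strip():
        problems.append("extra whitespace around the base64 value")
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return problems + ["value is not valid base64 (truncated or altered?)"]
    client_id, colon, secret = decoded.partition(":")
    if not colon:
        problems.append("decoded value has no ':' between client id and secret")
    if client_id != client_id.strip() or secret != secret.strip():
        problems.append("decoded credentials contain stray whitespace or a newline")
    # Compare only the client id; the secret is never printed or returned.
    if client_id.strip() != expected_client_id:
        problems.append("decoded client id differs from the one registered for the app")
    return problems


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    key, secret = "constructed-key", "constructed-secret"
    good = build_basic_header(key, secret)
    # Typical mistake: `echo "key:secret" | base64` encodes a trailing newline too.
    with_newline = "Basic " + base64.b64encode(f"{key}:{secret}\n".encode()).decode()
    for name, value in [("good", good), ("lowercase", "basic " + good[6:]),
                        ("newline", with_newline), ("truncated", good[:-3])]:
        print(name, diagnose_basic_header(value, key) or "OK")
```

Run it against the header value captured in a trace of the proxy; an empty result means the header itself is well formed, which leaves the product/developer-app association as the next thing to check.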