Why do I get an invalid client response when generating an access token?


When I use trace I see the correct id and secret are sent with it in the form params, but it adds a plus at the end of the secret:

grant_type=client_credentials&client_id={id}&client_secret={secret}+

Could it be because of the + symbol? It's not in my Postman call, so I don't know where it comes from.

Response:

{"ErrorCode" : "invalid_client", "Error" :"Client credentials are invalid"}

Policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="generate-access-token-client-credentials">
    <DisplayName>generate access token - client credentials</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
    <Tokens/>
</OAuthV2>

Hi @Friso Denijs,

To generate an access token for the client_credentials grant type, you must pass the Client ID and Client Secret either as a Basic Authentication header (Base64-encoded) or as form parameters client_id and client_secret. Form parameters should also be x-www-form-urlencoded.

I recommend passing them in the Basic Authentication header.

Regards

Snehal

I did try that and also encoding in the flow itself, but it all results in the same response.

Do you see the credentials being passed properly in trace? Maybe use a JavaScript policy and print it.

The error was in Postman; I accidentally added a space behind the client_secret.

@Friso Denijs -- Your policy looks fine. Maybe you've tried this, but what happens if you use curl to make the call as shown here?

That works! So the problem is somewhere in Postman I guess
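
Added example, not part of the thread and not Apigee or Postman code: a stand-alone JavaScript check that decodes a form body as it appears in trace and flags client_id or client_secret values carrying stray whitespace, which is what a trailing `+` means in x-www-form-urlencoded data. The function names and sample values are constructed for illustration.

```javascript
// Added diagnostic example; function names are hypothetical.
// Decodes one application/x-www-form-urlencoded component: '+' means space.
function formDecode(s) {
  return decodeURIComponent(s.replace(/\+/g, ' '));
}

// Encodes a value the way a form-encoding client does (space becomes '+').
function formEncode(s) {
  return encodeURIComponent(s).replace(/%20/g, '+');
}

// Parses a raw form body into [name, value] pairs, keeping duplicates.
function parseFormBody(body) {
  return body.split('&').filter(Boolean).map(function (pair) {
    var i = pair.indexOf('=');
    var name = i < 0 ? pair : pair.slice(0, i);
    var value = i < 0 ? '' : pair.slice(i + 1);
    return [formDecode(name), formDecode(value)];
  });
}

// Reports credential fields whose decoded value carries stray whitespace
// or control characters. Values are never echoed, only described.
function checkCredentials(body) {
  var watched = ['client_id', 'client_secret'];
  var findings = [];
  parseFormBody(body).forEach(function (kv) {
    var name = kv[0], value = kv[1];
    if (watched.indexOf(name) < 0) return;
    if (value !== value.trim()) {
      findings.push(name + ': leading or trailing whitespace (decoded length ' +
        value.length + ', trimmed length ' + value.trim().length + ')');
    }
    if (/[\x00-\x1f\x7f]/.test(value)) {
      findings.push(name + ': contains a control character');
    }
  });
  return findings;
}

// Constructed sample values, not real credentials.
var bad = 'grant_type=client_credentials&client_id=abc123&client_secret=' +
  formEncode('s3cr3t ');
var good = 'grant_type=client_credentials&client_id=abc123&client_secret=' +
  formEncode('s3cr3t');
console.log(bad);
console.log(checkCredentials(bad));
console.log(checkCredentials(good));
```

A secret that legitimately contains a plus sign arrives as `%2B` in a correctly encoded body, so a bare `+` at the end of the value always decodes to a space.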