400 required param grant_type when issuing oauth2 token


I'm new to Apigee Edge. I'm testing it to set up a service that receives requests from my app to collect data about events that occur in my app, and I'm trying to do it with oauth2. I followed the instructions on this page:

https://docs.apigee.com/api-platform/tutorials/secure-calls-your-api-through-oauth-20-client-credent...

When my app makes a request to

POST https://dripplinger-eval-test.apigee.net/oauth/client_credential/accesstoken

I get back a 400 with the following payload:

{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}

But I inspected my request and I indeed have grant_type set. Here is the request payload, using content type application/x-www-form-urlencoded:

client_secret=REDACTED&grant_type=client_credentials&client_id=REDACTED

What am I doing wrong?

1 ACCEPTED SOLUTION

@David Ripplinger

Please try this.

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
   https://dripplinger-eval-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_crede... \
  -d 'client_id={consumer-key}&client_secret={consumer-secret}'

The difference in your call is that the form data should be client_id and client_secret, and grant_type is a query param.

Thank you, that worked. I missed that detail in the tutorial. I think it's important to point out that the tutorial and its provided token-issuing api proxy are actually going against the spec by expecting grant_type in the query string. RFC 6749 section 4.4.2 explicitly states that grant_type belongs in the body, not the query. I'll have to figure out how I want to handle this case while still making my app work with other oauth2 token issuers that follow the spec.

@David Ripplinger - for the form param to work, just update the OAuth policy to

<GrantType>request.formparam.grant_type</GrantType>

I believe the default is set to use the query param.

@Sai Saran Vaidyanathan Thank you. That worked. I feel quite a bit better now that I know there's a way to configure the api proxy to be compliant with the spec. Now I won't have to write a special case in my own app.
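
An added example, not code from this thread or from Apigee: Python that builds the client-credentials token request with grant_type in the form body, as RFC 6749 section 4.4.2 describes, and audits a request for token parameters placed in the query string. The host, credential values and function names are assumptions made for illustration; client_id and client_secret stay in the form body as in the original request above.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_PARAMS = ("grant_type", "client_id", "client_secret")

def build_token_request(token_url, client_id, client_secret):
    """Build (but do not send) a token request with every parameter in the form body."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def audit_token_request(method, url, body):
    """Return findings where a token request strays from RFC 6749 sections 3.2 and 4.4.2."""
    findings = []
    query = parse_qs(urlsplit(url).query)
    form = parse_qs(body.decode("ascii") if isinstance(body, bytes) else body)
    if method.upper() != "POST":
        findings.append("method is not POST")
    for name in TOKEN_PARAMS:
        if name in query:
            # URLs, query string included, routinely end up in access and proxy logs.
            findings.append(f"{name} sent in query string")
    if form.get("grant_type") != ["client_credentials"]:
        findings.append("grant_type=client_credentials missing from form body")
    return findings

# Constructed sample values: the host and credentials are placeholders.
SAMPLE_URL = "https://example.invalid/oauth/client_credential/accesstoken"
compliant = build_token_request(SAMPLE_URL, "sample-id", "sample-secret")
query_style = (SAMPLE_URL + "?grant_type=client_credentials",
               "client_id=sample-id&client_secret=sample-secret")

if __name__ == "__main__":
    print(audit_token_request(compliant.get_method(), compliant.full_url, compliant.data))
    print(audit_token_request("POST", *query_style))
```
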


grant_type should be sent as query param or header in the same way it would be specified in the OAuth policy.

Nope, like I said up above, read section 4.4.2 in RFC 6749. grant_type, according to the spec, belongs in the body, not the query.

gungc
New Member

I'm having this issue too. I'm following this tutorial from Anil: https://www.youtube.com/watch?v=Gl15sVg5EBc

When I try to generate the token in Postman, I get this error:

{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}

If I add the grant_type param into the post request, I get the same error.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA-GenerateAccess">
    <DisplayName>OA-GenerateAccess</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <ExpiresIn>1800000</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
</OAuthV2>

Appreciate any help. Thanks

Since your issue wasn't quite the same as mine, you may have better luck getting help if you post a separate question and maybe link to this one as a reference. I'm sorry I personally don't know enough to be able to figure out what's happening in your thing.

Cool, I'll post separately, thanks
