pedroetb/node-oauth2-server-mongo-example

switch to client credentials grant type

vsantoro opened this issue · 17 comments

Password grant type is working great - I can generate a token.
I need to use the client_credentials grant type. What code change needs to be made to use it?

In app.js, change this:

app.oauth = oauthserver({
	model: require('./model.js'),
	grants: ['password'],
	debug: true
});

with this:

app.oauth = oauthserver({
	model: require('./model.js'),
	grants: ['password', 'client_credentials'],
	debug: true
});

In other words, add 'client_credentials' grant type to grants array.

Ok. I did that and tried to get a token and I get

{
"code": 400,
"error": "invalid_client",
"error_description": "The grant type is unauthorised for this client_id"
}

That is the error I get back in Postman. This is the error that pops up in Node when I try and hit it with client credentials:

Connected successfully to "mongodb://localhost/oauth"
Error
at OAuth2Error (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/error.js:30:12)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:343:19
at Object.grantTypeAllowed (/var/www/html/node-oauth2-server-mongo-example/model.js:105:2)
at Grant.checkGrantTypeAllowed (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:338:14)
at run (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/runner.js:15:14)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/runner.js:17:7
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:147:5
at Query. (/var/www/html/node-oauth2-server-mongo-example/node_modules/mongoose/lib/model.js:4081:16)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/kareem/index.js:273:21
at /var/www/html/node-oauth2-server-mongo-example/node_modules/kareem/index.js:131:16
at _combinedTickCallback (internal/process/next_tick.js:67:7)
at process._tickCallback (internal/process/next_tick.js:98:9)

Can you share the full request you are sending? Maybe the client_id is wrong or just missing.

Sure. Here is the request with password grant type; it's successful.


Here it is with client credentials:

POST /oauth/token HTTP/1.1
Host: 10.80.141.163:3000
Authorization: Basic YXBwbGljYXRpb246c2VjcmV0
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 0c61eb42-55ec-5db8-225b-4a58e4a29d5b

grant_type=client_credentials&username=test&password=test

I tried with and without the username & password.

Any ideas how I can use the client_credentials grant type? I also looked in model.js; the password grant type is defined for the callback. I tried changing that to client_credentials, but that also did not work.

You are missing the Authorization header with a valid combination of client identifier and secret. Username and password are for users; you only need to identify the client (the whole application, not a user of the application) with the client_credentials grant type.

Check the readme of my no-mongo repo; it contains a basic example:

curl http://localhost:3000/oauth/token \
  -d "grant_type=client_credentials" \
  -H "Authorization: Basic Y29uZmlkZW50aWFsQXBwbGljYXRpb246dG9wU2VjcmV0" \
  -H "Content-Type: application/x-www-form-urlencoded"

Do I need to create a new client? Or is this client also in this repo's code?
There is one confidential client added to the server and ready to work:
clientId: confidentialApplication
secret: topSecret

I am using Authorization in the header. Here is my current request.

POST /oauth/token HTTP/1.1
Host: 10.80.141.163:3000
Authorization: Basic YXBwbGljYXRpb246c2VjcmV0
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 7e612cbb-25eb-98f6-8619-68f7b1fbac8e

grant_type=client_credentials

I'm using the default client:
clientId: application
secret: secret

Does my request look correct?

My bad, this repo is outdated compared to the other one. There is no support for the client_credentials grant type for now.

Soon I hope to spend some time updating these projects, to have the same possibilities. And maybe upgrade to the next major version (3.x) of oauth2-server.

Your last request seems ok, by the way!

Working at eb7356e