Unable to get oAuth token for client credential flow

Hi,

I am using kong 0.14 with Postgres 9.6. After creating consumer, application, service, plugin and routes I tried to fetch oauth token but I am unable to get oauth2/token for client_credentials flow.

My request is as below
curl --insecure https://localhost:8443/oauth2/token -d "client_id=tFn3WQ278RPpulDW&grant_type=client_credentials&client_secret=V0271fN5vvl117vKViJVcgw"

I tried the same setup using Cassandra and it worked. Am I missing anything for Postgres?

Hi,

It’s difficult to know what is happening here without more information.

What response are you receiving to your request?

Does the nginx log show any error messages?

request command:
curl --insecure https://localhost:8443/oauth2/token -d "client_id=tFn3WQ278RPpulDW&grant_type=client_credentials&client_secret=V0271fN5vvl117vKViJVcgw"

Response:
HTTP/2 404
date: Fri, 13 Jul 2018 11:11:15 GMT
content-type: text/html; charset=UTF-8
content-length: 233
server: gunicorn/19.8.1
access-control-allow-origin: *
access-control-allow-credentials: true
via: kong/0.14.0
x-kong-upstream-latency: 224
x-kong-proxy-latency: 1

404 Not Found

Not Found

The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

nginx error: "POST /oauth2/token HTTP/1.1" 404 233

That error seems to indicate that the oauth2 plugin was not installed. Can you check that it is?

I added the oauth2 plugin at the service layer. Is there any other place I need to add it?

From the endpoint curl --request GET localhost:8001/plugins/ I am getting the below response.

{
  "total": 1,
  "data": [
    {
      "created_at": 1531459338000,
      "config": {
        "refresh_token_ttl": 1209600,
        "scopes": [
          "read:location"
        ],
        "mandatory_scope": true,
        "provision_key": "VAvvQuLSwffjeTcqXVmAOXKSiHdSawud",
        "hide_credentials": false,
        "token_expiration": 3600,
        "enable_implicit_grant": false,
        "global_credentials": false,
        "anonymous": "",
        "enable_password_grant": false,
        "enable_client_credentials": true,
        "enable_authorization_code": false,
        "accept_http_if_already_terminated": false,
        "auth_header_name": "authorization"
      },
      "id": "3b8166d9-f145-4c0b-8dcb",
      "name": "oauth2",
      "service_id": "6dd03fec-a7fc-4ab2",
      "enabled": true
    }
  ]
}

You need to call it against

https://localhost:8443/ROUTE_PATH/oauth2/token

Every OAuth2 endpoint for token generation changes per proxy, unless you do what I described here:

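The per-route token URL from the reply above, worked through as an added example (not code from the original posts or from Kong): it derives the token endpoint for each route from Admin API listings and builds the client_credentials POST with its parameters in the form body, without sending it. The /routes sample, the `/location` path and the CLIENT_ID/CLIENT_SECRET placeholders are constructed assumptions; only service-scoped plugins are handled.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Constructed Admin API samples: /plugins is trimmed from the response in the
# thread; /routes is hypothetical, with one route on that same service.
PLUGINS = json.loads("""{"data": [{"name": "oauth2", "enabled": true,
  "service_id": "6dd03fec-a7fc-4ab2",
  "config": {"enable_client_credentials": true, "scopes": ["read:location"]}}]}""")
ROUTES = json.loads("""{"data": [
  {"paths": ["/location"], "service": {"id": "6dd03fec-a7fc-4ab2"}},
  {"paths": ["/other"], "service": {"id": "00000000-0000-0000"}}]}""")


def token_endpoints(plugins, routes, proxy="https://localhost:8443"):
    """Map the token URL of every route whose service has an enabled oauth2
    plugin with the client_credentials grant to that plugin's scopes."""
    services = {
        p["service_id"]: p["config"].get("scopes", [])
        for p in plugins["data"]
        if p["name"] == "oauth2" and p.get("enabled") and p.get("service_id")
        and p["config"].get("enable_client_credentials")
    }
    found = {}
    for route in routes["data"]:
        scopes = services.get(route["service"]["id"])
        if scopes is None:
            continue  # no oauth2 plugin on this route's service
        for path in route.get("paths") or []:
            parts = (proxy.rstrip("/"), path.strip("/"), "oauth2/token")
            found["/".join(p for p in parts if p)] = scopes
    return found


def token_request(url, client_id, client_secret, scopes):
    """Build (not send) the POST; every grant parameter is a form field."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if scopes:
        form["scope"] = " ".join(scopes)
    return Request(url, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    for url, scopes in token_endpoints(PLUGINS, ROUTES).items():
        req = token_request(url, "CLIENT_ID", "CLIENT_SECRET", scopes)
        print(req.get_method(), req.full_url, req.data.decode())
```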

Thanks for the tips. It worked. Kong integration with Cassandra didn’t complain about this. I only faced this issue when I tried to set up Kong using Postgres.

@jeremyjpj0916

After getting the token, when I call the route it's throwing the error “The access token is invalid or has expired”. I added details here: Error while calling routes using oAuth2 token

Ignore my above query. I found the reason.


Hi Ritesh,

I am facing a similar problem, but my code is in Scala. Here is what I am doing. However, when I try in Postman it works absolutely fine. Can you see what I am doing wrong?

import java.nio.charset.StandardCharsets
import java.util.Base64

import com.google.gson.Gson
import org.apache.http.client.methods.HttpPost
import org.apache.http.entity.StringEntity
import org.apache.http.impl.client.HttpClientBuilder

case class credentials(
  scope: String,     // = "/consent.create /consent.read /library.read"
  grant_type: String // = "client_credentials"
)

val id = "<kEY>"
val secret = "<SECRET>"

// HTTP Basic credentials: base64("id:secret")
val authString = Base64.getEncoder.encodeToString(s"$id:$secret".getBytes(StandardCharsets.UTF_8))

val cred = new credentials("/consent.create /consent.read /library.read", "client_credentials")

// The request body is the JSON encoding of the string "1:3"
val body = new Gson().toJson("1:3")
//val body = gson.toJson(cred)
val endpoint = "https://<HOSTNAME>/api/v1/oauth/v1/token"
val url = endpoint //+ "&client_id=" + + "&client_secret=" + _clientSecret
println(url)
val client = HttpClientBuilder.create().build()
val post = new HttpPost(url)
post.addHeader("Content-Type", "application/x-www-form-urlencoded")
post.addHeader("Authorization", "Basic " + authString)

// grant_type and scope are set as HTTP request headers here
post.addHeader("grant_type", "client_credentials")
post.addHeader("scope", "<HOSTNAME>/consent.create <HOSTNAME>/consent.read <HOSTNAME>/library.read")

post.setEntity(new StringEntity(body))
// Print each request header (foreach returns Unit, so it is not wrapped in println)
post.getAllHeaders.foreach(println)
val response = client.execute(post)
println("response:" + response)

Sorry for the late reply. Are you still getting the error?
In my case I added a route with path “/oauth2/token” and set this as global level.
Please check.