cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1625
Views
5
Helpful
5
Replies

Fetching the access_token from the IdS authorize rest api doesn't work

gauravmarch
Level 1
Level 1

Dear Experts,

I am trying to fetch the access_token by directly calling the rest api as is done by cisco-identity-service-client-sdk, but facing some issue.

 

My steps/usecase is following:

- I hit following url, that took me to SAML login screen

https://{idsBaseUrl}/oauth/authorize?redirect_uri=https://localhost:8080&client_id={myclientId}&state={state}&response_type=code

where {idsBaseUrl}, {myclientId} and {state} are replaced by correct values.

- After login to SAML screen, it redirected me back to following url (as per my redirect url given):
https://localhost:8080/?state=aHR0cHM6Ly9sYWJmaW5lc3NlMTE2LmN5Y2xvbmVnbG9iYWwubmV0L2Rlc2t0b3Avc3NvL3Rlc3QJc3NvVGVzdFVybFJlcXVlc3Q%3D&code=669ea0b4875e38b0dc6bef217cf89fb6c2f87012

- I expect the code parameter in the above url is the authcode which needs to be send to access_token request. Am I right??

 

- Then I invoked following POST request to fetch access_token:
EndPoint URL: https://{idsBaseUrl}/oauth/access_token

Request Type: POST

Header: Accept: application/json

Header: Authorization: Basic xxxx (Base64 encoded clientId:clientSecret)

Body/Payload: code=669ea0b4875e38b0dc6bef217cf89fb6c2f87012&grant_type=authorization_code&redirect_uri=https://localhost:8080&return_user=yes

 

- But this request gives following response:
400, Bad Request

{"error":"invalid_request","error_description":"Missing grant_type parameter value"}

 

Any clues what I am doing wrong?

5 Replies 5

dekwan
Cisco Employee
Cisco Employee

Hi,

 

Sorry, IdS and SSO is definitely not my strong point.

 

Based on the error you are getting:

{"error":"invalid_request","error_description":"Missing grant_type parameter value"}

I would try to figure out why it is saying grant_type is missing (which I see in your pasted body). Do you have the Content-Type set? Maybe use a debugger to see what is actually being sent.

 

Thanx,

Denise

Hi Denise,

Following is the request:
POST https://{idsbaseURL}/oauth/access_token
Accept: application/json
Authorization: Basic M2QwNjY5MzMxYzMzMDNlNDM1OGI2OTM5MDIzMGU5ODljMGFiOWJjNw==
Content-Type: application/json; charset=utf8

code=d6ebca1f8a123dcd9c578860200b622459e5d644&grant_type=authorization_code&redirect_uri=https://localhosst:8080&return_user=yes

Equivalent curl command (Replace <password> with real password):
curl -i -H Accept:application/json -H Authorization:Basic M2QwNjY5MzMxYzMzMDNlNDM1OGI2OTM5MDIzMGU5ODljMGFiOWJjNw== -H Content-Type:application/json; charset=utf8 -X POST https://{idsbaseURL}/oauth/access_token -H Content-Type: application/json; charset=utf8 -d 'code=d6ebca1f8a123dcd9c578860200b622459e5d644&grant_type=authorization_code&redirect_uri=https://localhosst:8080&return_user=yes'

@denise,

but maybe my authcode is wrong?

I derived it from the code param from the url which was redirected to me:
https://localhost:8080/?state=aHR0cHM6Ly9sYWJmaW5lc3NlMTE2LmN5Y2xvbmVnbG9iYWwubmV0L2Rlc2t0b3Avc3NvL3Rlc3QJc3NvVGVzdFVybFJlcXVlc3Q%3D&code=d6ebca1f8a123dcd9c578860200b622459e5d644

Sorry, I don't know much about this...maybe others in the community can help...

@gauravmarch : did you ever get it working? I find myself in a similar boat... Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: