cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2025
Views
5
Helpful
5
Replies

Fetching the access_token from the IdS authorize rest api doesn't work

gauravmarch
Level 1
Level 1

Dear Experts,

I am trying to fetch the access_token by directly calling the rest api as is done by cisco-identity-service-client-sdk, but facing some issue.

 

My steps/usecase is following:

- I hit following url, that took me to SAML login screen

https://{idsBaseUrl}/oauth/authorize?redirect_uri=https://localhost:8080&client_id={myclientId}&state={state}&response_type=code

where {idsBaseUrl}, {myclientId} and {state} are replaced by correct values.

- After login to SAML screen, it redirected me back to following url (as per my redirect url given):
https://localhost:8080/?state=aHR0cHM6Ly9sYWJmaW5lc3NlMTE2LmN5Y2xvbmVnbG9iYWwubmV0L2Rlc2t0b3Avc3NvL3Rlc3QJc3NvVGVzdFVybFJlcXVlc3Q%3D&code=669ea0b4875e38b0dc6bef217cf89fb6c2f87012

- I expect the code parameter in the above url is the authcode which needs to be send to access_token request. Am I right??

 

- Then I invoked following POST request to fetch access_token:
EndPoint URL: https://{idsBaseUrl}/oauth/access_token

Request Type: POST

Header: Accept: application/json

Header: Authorization: Basic xxxx (Base64 encoded clientId:clientSecret)

Body/Payload: code=669ea0b4875e38b0dc6bef217cf89fb6c2f87012&grant_type=authorization_code&redirect_uri=https://localhost:8080&return_user=yes

 

- But this request gives following response:
400, Bad Request

{"error":"invalid_request","error_description":"Missing grant_type parameter value"}

 

Any clues what I am doing wrong?

5 Replies 5

dekwan
Cisco Employee
Cisco Employee

Hi,

 

Sorry, IdS and SSO is definitely not my strong point.

 

Based on the error you are getting:

{"error":"invalid_request","error_description":"Missing grant_type parameter value"}

I would try to figure out why it is saying grant_type is missing (which I see in your pasted body). Do you have the Content-Type set? Maybe use a debugger to see what is actually being sent.

 

Thanx,

Denise

Hi Denise,

Following is the request:
POST https://{idsbaseURL}/oauth/access_token
Accept: application/json
Authorization: Basic M2QwNjY5MzMxYzMzMDNlNDM1OGI2OTM5MDIzMGU5ODljMGFiOWJjNw==
Content-Type: application/json; charset=utf8

code=d6ebca1f8a123dcd9c578860200b622459e5d644&grant_type=authorization_code&redirect_uri=https://localhosst:8080&return_user=yes

Equivalent curl command (Replace <password> with real password):
curl -i -H Accept:application/json -H Authorization:Basic M2QwNjY5MzMxYzMzMDNlNDM1OGI2OTM5MDIzMGU5ODljMGFiOWJjNw== -H Content-Type:application/json; charset=utf8 -X POST https://{idsbaseURL}/oauth/access_token -H Content-Type: application/json; charset=utf8 -d 'code=d6ebca1f8a123dcd9c578860200b622459e5d644&grant_type=authorization_code&redirect_uri=https://localhosst:8080&return_user=yes'

@denise,

but maybe my authcode is wrong?

I derived it from the code param from the url which was redirected to me:
https://localhost:8080/?state=aHR0cHM6Ly9sYWJmaW5lc3NlMTE2LmN5Y2xvbmVnbG9iYWwubmV0L2Rlc2t0b3Avc3NvL3Rlc3QJc3NvVGVzdFVybFJlcXVlc3Q%3D&code=d6ebca1f8a123dcd9c578860200b622459e5d644

Sorry, I don't know much about this...maybe others in the community can help...

@gauravmarch : did you ever get it working? I find myself in a similar boat... Thanks