[PDB Tech] OAuth client application help requested - cannot authorize with client secret
Justin Cole
justinc at redapt.com
Wed Feb 22 11:16:19 PST 2023
Thank you for the response Leo.
I was able to get it working by excluding the authorization header and calling like so:
POST to https://auth.peeringdb.com/oauth2/token/
Header: 'Content-Type': 'application/x-www-form-urlencoded'
Body: 'grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=CODE&redirect_uri=CALLBACK_URI'
It seems the system does not like the Basic auth header, nor does it like JSON as the request body.
Hopefully this helps someone in the future.
Thanks,
Justin
From: Leo Vegoda <leo at peeringdb.com>
Sent: Wednesday, February 22, 2023 11:01 AM
To: Justin Cole <justinc at redapt.com>
Subject: Re: [PDB Tech] OAuth client application help requested - cannot authorize with client secret
Hi Justin,
2.44.0 was just deployed to production. It included a fix for OAuth logins that failed when MFA was enabled. It's possible that this has resolved your issue. If not, please let us know.
Release Notes: https://docs.peeringdb.com/release_notes/
Kind regards,
Leo Vegoda
PeeringDB Product Manager
On Feb 15, 2023, at 19:52, Justin Cole <justinc at redapt.com> wrote:
Hello,
I'm hoping someone can help me with my OAuth application problem.
I have created an OAuth application with authorization-code grant type and entered my redirect uri. I can successfully call the /authorize/ endpoint, log in and receive an authorization code. However, the subsequent callback to /token/ always returns 401 Unauthorized with response body: { "meta": { "error": "Invalid username or password" } }
Call to /token/ looks like:
POST to https://auth.peeringdb.com/oauth2/token/
Header:
Authorization: Basic (Base64Encode(CLIENT_ID:CLIENT_SECRET))
Body:
{
grant_type:'authorization_code',
code:'CODE',
redirect_uri:'https://localhost:3001/api/auth/callback/peeringdb',
client_id:'CLIENT_ID',
client_secret:'CLIENT_SECRET'
}
I've determined that the problem is the Authorization header value; however, I've verified that the values match the client id/client secret generated from PeeringDB (https://www.peeringdb.com/oauth2/applications/register/) and are correct.
What am I doing wrong?
Or is there something I am missing to enable the OAuth application registration to work properly?
Thank you,
Justin
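
The working token request from this thread, as an added Python example that is not part of the original messages or PeeringDB's own code: it builds the form-encoded exchange with the client credentials in the body and no Authorization header, and masks the secret and the one-time code before anything is logged. The function names and the REDACTED marker are assumptions; the endpoint and field names are the ones quoted in the thread.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.peeringdb.com/oauth2/token/"  # endpoint from the thread
SENSITIVE = ("client_secret", "code")  # fields that must never reach a log


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Authorization-code exchange in the shape the thread reports working:
    client credentials in a form-encoded body, no Authorization header."""
    fields = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # same value sent to /authorize/
    }
    body = urllib.parse.urlencode(fields).encode("ascii")  # percent-encodes values
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def redacted_body(req):
    """Form body with the secret and the one-time code masked, for logging."""
    pairs = urllib.parse.parse_qsl(req.data.decode("ascii"))
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs])


def exchange(req, timeout=10):
    """Send the request; return the JSON token response or raise with the status."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # Report the status and the server's message, never the request body.
        detail = err.read().decode("utf-8", "replace")
        raise RuntimeError(f"token endpoint returned {err.code}: {detail}") from None


if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent here.
    req = build_token_request("CLIENT_ID", "CLIENT_SECRET", "CODE",
                              "https://localhost:3001/api/auth/callback/peeringdb")
    print(req.get_method(), req.full_url)
    print(redacted_body(req))
```

Because the client secret travels in the request body in this form, any request logging or proxy capture on the client side should go through something like `redacted_body` rather than the raw body.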