Oauth2 refresh token gives org.springframework.dao.InvalidDataAccessApiUsageException - spring-boot

I have configured the OAuth2 authorization server and resource server using spring-cloud-starter-oauth2. The authorization server uses JdbcTokenStore to persist the token (I still get the "Failed to find refresh token for token xxxx" message, which seems to be a bug). However, the thing that I wish to resolve here is:
I am able to request a new token and use it to fetch data from the resource server. However, once the token expires, I cannot refresh it using the given refresh token.
Using curl:
curl -XPOST foo:secret@localhost:9009/myauthserver/oauth/token -d grant_type=refresh_token -d refresh_token=4187f090-a355-4613-bc17-2e4565ffdc0b
will return:
{"error":"server_error","error_description":"The given id must not be null!; nested exception is java.lang.IllegalArgumentException: The given id must not be null!"}
At the backend, the error is:
2017-02-20 15:47:31.058 WARN 11152 --- [nio-9009-exec-9] .m.m.a.ExceptionHandlerExceptionResolver : Resolved exception caused by Handler execution: org.springframework.dao.InvalidDataAccessApiUsageException: The given id must not be null!; nested exception is java.lang.IllegalArgumentException: The given id must not be null!
The interesting thing is that if I give an invalid token, it actually returns:
{"error":"invalid_grant","error_description":"Invalid refresh token: 4187f090-a355-4613-bc17-2e4565ffdcee"}

Related

Cognito jwt token validation throwing 400 error

I am new to AWS Cognito. I have a Spring Boot application where I am using AWS Cognito as our authentication provider.
I have configured Cognito, and login works perfectly and returns an access token and an ID token. However, when I try to validate that access token via Cognito I get a 400 IOException.
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: https://cognito-idp.{region}.amazonaws.com/{poolid}/.well-known/jwks.json
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1997)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
at com.nimbusds.jose.util.DefaultResourceRetriever.getInputStream(DefaultResourceRetriever.java:305)
at com.nimbusds.jose.util.DefaultResourceRetriever.retrieveResource(DefaultResourceRetriever.java:257)
at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:305)
I think that in your URL you still have the template variables from the example you copied from (e.g. {region} and {poolid}). Those tokens need to be replaced with actual values from your Cognito settings so the ultimate URL is, for example:
https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxxxxx/.well-known/jwks.json
The IOException is likely caused by the invalid URL.

I am getting a token error, but in the script the token is being passed and the APIs are failing

{"error":"IDX12709: JWT is not well formed: '[PII is hidden]'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'."}
The token is being passed, but when I execute the APIs I get the above error.

Spring boot OAuth2 - Insufficient Scope for this resource

I have an access token with the necessary scope. I can also successfully access the resource server. The error occurs when the resource server tries to fetch the user Principal from the authorization server. I really hope I can get some hints or help on how I can solve this.
The access Token:
{"access_token":"65ce0f1a-192f-4ad2-b7bb-cb9c7cbf0be9","token_type":"bearer","refresh_token":"f1e2a49d-5b24-4e9c-b9da-567eb47d6ab7","expires_in":149,"scope":"read write trust"}
The resource server call:
curl -H "Authorization:Bearer 65ce0f1a-192f-4ad2-b7bb-cb9c7cbf0be9" http://localhost:9001/resource/hello
Resource server output after the call:
2016-10-10 10:10:06.144 INFO 411 --- [nio-9001-exec-5] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:9000/auth/user
The endpoint (localhost:9000/auth/user) gets executed, but I always get the following response to my curl request:
{"error":"insufficient_scope","error_description":"Insufficient scope for this resource","scope":"read"}
I resolved this by removing the user info URI from the resource server properties. Since I use a JDBC token store, the resource server can verify the authenticity of the token from the database without relying on the auth server anymore.

Google Oauth2: Is it possible to retrieve token information from an expired access token?

I have a Google App Engine Endpoints project which is protected by OAuth2. I saw that some requests have failed due to an invalid token.
Request URL: https://example.appspot.com/_ah/api/mm/v1/list?filter=q%3Dtest&alt=json
Method: example.resource.list
Error Code: 401
Reason: required
Message: Invalid token.
I was able to log the token from the HEADER of the request.
The token I get is an access token, in a format like ya29.vwGg-....
When I tried
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
to find out token information, like issued_to, client_id, etc.,
It returns back with
{
error: "invalid_token",
error_description: "Invalid Value"
}
I have tested with
https://developers.google.com/oauthplayground
and the URL returns the same error if the token has expired.
My guess for the reason my request has failed is that the token used has expired.
But I am not 100% sure.
Is there a way to find token info about an expired access token?
Or, more widely,
is there any way to find more info about an invalid access token, like why it is invalid or anything else?
I removed the Google account and added the Google account again; then login works.
See Google's guide for Google Sign-In for Android on how to authenticate with a backend server.
A simple way is to check the token (XYZ123 is your token):
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
There are many ways to get token information. Generally a token will be invalid for various reasons; some of the important ones are Invalid Signature and Token Expired. You can use https://jwt.io to decode your token and get the info. Your error description clearly tells the reason why your token is considered invalid. Try deep diving into the code and see why it says invalid value.

magento api not working for customers

I am passing the following header information using the "REST Client" plugin of Firefox to the URL "localhost/magento/api/rest/customers":
Consumer key :olnnqgwm7gm75rtbft8w1wac4kp4vwig
Consumer secret:u9v6bdlpuopdlryc6vx0yjnslkj4vllo
Access token : null
Access token secret : null
I get the following response:
<magento_api>
<messages>
<error>
<data_item>
<code>401</code>
<message>
oauth_problem=parameter_absent&oauth_parameters_absent=oauth_token
</message>
</data_item>
</error>
</messages>
</magento_api>
So here I want to get the Access token and Access token secret. How do I get them?
Access token : null
Access token secret : null
These are mandatory for getting the details of a customer through the REST API. You have to configure the authentication process as defined here; please go through the article and you will get your answer.
1. Getting an Unauthorized Request Token
URI: localhost/magento/oauth/initiate
Method: POST
Sample Response: oauth_token=4cqw0r7vo0s5goyyqnjb72sqj3vxwr0h&oauth_token_secret=rig3x3j5a9z5j6d4ubjwyf9f1l21itrr&oauth_callback_confirmed=true
2. User Authorization
URI: localhost/magento/oauth/authorize
Method: GET
Sample Response: /callback?oauth_token=tz2kmxyf3lagl3o95xnox9ia15k6mpt3&oauth_verifier=cbwwh03alr5huiz5c76wi4l21zf05eb0
NOTE: This is the second step of authentication. Without the user authorization in this step, it is impossible for your application to obtain an Access Token.
3. Getting an Access Token
URI: localhost/magento/oauth/token
Method: POST
Sample Response: oauth_token=0lnuajnuzeei2o8xcddii5us77xnb6v0&oauth_token_secret=1c6d2hycnir5ygf39fycs6zhtaagx8pd
If you complete all the above steps, you will get the access token and secret, which can be used for getting the customer response.
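The three legs above, worked through as an added example (this is not code from the original question or answer, nor from Magento): a minimal OAuth 1.0a HMAC-SHA1 signer that builds the Authorization header for /oauth/initiate, /oauth/authorize, /oauth/token and the final /api/rest/customers call, plus the server-side check that produces the parameter_absent error from the question when oauth_token is missing. The consumer key and secret and the sample token values are taken from the thread; the host localhost/magento, the callback URL, nonces and timestamps are constructed. The rfc5849_photos_header function reproduces the RFC 5849 section 1.2 example request so the signing code can be checked against that published signature.

```python
"""Added example: OAuth 1.0a (RFC 5849) three-legged flow as Magento's REST API
requires it. All endpoint URLs, nonces, timestamps and the callback URL are
constructed sample values; nothing here is sent over the network."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote, urlsplit

MAGENTO = "http://localhost/magento"  # constructed: the asker's local install
CONSUMER_KEY = "olnnqgwm7gm75rtbft8w1wac4kp4vwig"  # from the question
CONSUMER_SECRET = "u9v6bdlpuopdlryc6vx0yjnslkj4vllo"  # from the question


def pct(value):
    """RFC 5849 3.6 percent-encoding: only ALPHA, DIGIT, '-', '.', '_', '~' stay."""
    return quote(str(value), safe="-._~")


def base_uri(url):
    """Normalized endpoint URI: lowercase scheme/host, no default port, no query."""
    u = urlsplit(url)
    scheme, host, port = u.scheme.lower(), u.hostname.lower(), u.port
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    authority = host if port is None or default else f"{host}:{port}"
    return f"{scheme}://{authority}{u.path or '/'}"


def signature_base_string(method, url, oauth_params, body_params=()):
    """RFC 5849 3.4.1: METHOD & base-URI & normalized(query + body + oauth params)."""
    pairs = list(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    pairs += list(body_params)
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)  # sort by name, then value
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return f"{method.upper()}&{pct(base_uri(url))}&{pct(normalized)}"


def sign_hmac_sha1(base_string, consumer_secret, token_secret=""):
    """Key is consumer secret '&' token secret; the token secret is empty on leg 1."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def oauth_header(method, url, consumer_key, consumer_secret, timestamp, nonce,
                 token=None, token_secret="", body_params=(), **extra):
    """Signed Authorization header. `extra` carries oauth_callback / oauth_verifier."""
    params = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(timestamp), "oauth_nonce": nonce}
    if token is not None:  # absent on the request-token leg, mandatory afterwards
        params["oauth_token"] = token
    params.update(extra)
    base = signature_base_string(method, url, params, body_params)
    params["oauth_signature"] = sign_hmac_sha1(base, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in params.items())


def parse_oauth_header(header):
    """Parse 'OAuth k="v", k2="v2"' back into a dict (what the server does)."""
    items = header.split(" ", 1)[1].split(", ")
    return {k: unquote(v.strip('"')) for k, v in (i.split("=", 1) for i in items)}


def oauth_problem(header):
    """Magento-style check for a protected resource: the access token is mandatory.
    Returns the oauth_problem body from the question, or None if all parameters are present."""
    present = parse_oauth_header(header)
    required = ("oauth_consumer_key", "oauth_token", "oauth_signature")
    missing = [p for p in required if p not in present]
    if missing:
        return f"oauth_problem=parameter_absent&oauth_parameters_absent={pct(','.join(missing))}"
    return None


def magento_flow(request_token, request_secret, verifier, access_token, access_secret):
    """Headers for the three legs plus the customers call. The token arguments are
    what the server returned in steps 1 and 3; the verifier comes from the step 2 redirect."""
    step1 = oauth_header("POST", f"{MAGENTO}/oauth/initiate", CONSUMER_KEY, CONSUMER_SECRET,
                         1487576851, "n1", oauth_callback="http://localhost/app/callback")
    step2 = f"{MAGENTO}/oauth/authorize?oauth_token={pct(request_token)}"  # user logs in here
    step3 = oauth_header("POST", f"{MAGENTO}/oauth/token", CONSUMER_KEY, CONSUMER_SECRET,
                         1487576852, "n2", token=request_token, token_secret=request_secret,
                         oauth_verifier=verifier)
    api = oauth_header("GET", f"{MAGENTO}/api/rest/customers", CONSUMER_KEY, CONSUMER_SECRET,
                       1487576853, "n3", token=access_token, token_secret=access_secret)
    return step1, step2, step3, api


def rfc5849_photos_header():
    """The final request of the RFC 5849 section 1.2 example, for checking the signer."""
    return oauth_header("GET", "http://photos.example.net/photos?file=vacation.jpg&size=original",
                        "dpf43f3p2l4k3l03", "kd94hf93k423kf44", 137131202, "chapoH",
                        token="nnch734d00sl2jdk", token_secret="pfkkdhi9sl3r4s00")


if __name__ == "__main__":
    # What the asker sent: consumer credentials only, no access token.
    print(oauth_problem(oauth_header("GET", f"{MAGENTO}/api/rest/customers",
                                     CONSUMER_KEY, CONSUMER_SECRET, 1487576850, "n0")))
    for leg in magento_flow("4cqw0r7vo0s5goyyqnjb72sqj3vxwr0h", "rig3x3j5a9z5j6d4ubjwyf9f1l21itrr",
                            "cbwwh03alr5huiz5c76wi4l21zf05eb0", "0lnuajnuzeei2o8xcddii5us77xnb6v0",
                            "1c6d2hycnir5ygf39fycs6zhtaagx8pd"):
        print(leg)
```

Each Authorization header is only valid for the exact method, URL and parameters it was signed over, and the timestamp and nonce must be fresh per request, so the fixed values above are for illustration only. Sending the same request with the body parameters in the URL instead would change the base string and fail signature verification.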
