Comments (17)
pedroetb
commented on July 17, 2024
In app.js, change this:
app.oauth = oauthserver({
model: require('./model.js'),
grants: ['password'],
debug: true
});
with this:
app.oauth = oauthserver({
model: require('./model.js'),
grants: ['password', 'client_credentials'],
debug: true
});
In other words, add 'client_credentials' grant type to grants array.
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
Ok. I did that and tried get a token and I get
{
"code": 400,
"error": "invalid_client",
"error_description": "The grant type is unauthorised for this client_id"
}
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
that is the error I get back in postman. This is the error that pops up in Node when i try and hit it with client credentials
Connected successfully to "mongodb://localhost/oauth"
Error
at OAuth2Error (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/error.js:30:12)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:343:19
at Object.grantTypeAllowed (/var/www/html/node-oauth2-server-mongo-example/model.js:105:2)
at Grant.checkGrantTypeAllowed (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:338:14)
at run (/var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/runner.js:15:14)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/runner.js:17:7
at /var/www/html/node-oauth2-server-mongo-example/node_modules/oauth2-server/lib/grant.js:147:5
at Query. (/var/www/html/node-oauth2-server-mongo-example/node_modules/mongoose/lib/model.js:4081:16)
at /var/www/html/node-oauth2-server-mongo-example/node_modules/kareem/index.js:273:21
at /var/www/html/node-oauth2-server-mongo-example/node_modules/kareem/index.js:131:16
at _combinedTickCallback (internal/process/next_tick.js:67:7)
at process._tickCallback (internal/process/next_tick.js:98:9)
from node-oauth2-server-mongo-example.
pedroetb
commented on July 17, 2024
Can you share the full request you are sending? Maybe the client_id is wrong or just missing.
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
sure. here is the request with password grant type, its successful.
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
here is with client credentials
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
POST /oauth/token HTTP/1.1
Host: 10.80.141.163:3000
Authorization: Basic YXBwbGljYXRpb246c2VjcmV0
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 0c61eb42-55ec-5db8-225b-4a58e4a29d5b
grant_type=client_credentials&username=test&password=test
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
i tried with and without the username & pswd
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
any ideas how I can use the client_credentials grant type ? I also looked in model.js password grant type is defined for callback, i tried changing that to client_credentials but that also did not work.
from node-oauth2-server-mongo-example.
pedroetb
commented on July 17, 2024
You are missing the Authorization header with a valid combination of client identifier and secret Username and password are for users, you only need to identify the client (whole application, not a user of the application) with client_credentials grant type.
Check the readme of my no-mongo repo , it contains a basic example:
curl http://localhost:3000/oauth/token \
-d "grant_type=client_credentials" \
-H "Authorization: Basic Y29uZmlkZW50aWFsQXBwbGljYXRpb246dG9wU2VjcmV0" \
-H "Content-Type: application/x-www-form-urlencoded"
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
Do I need to create a new client ? or is this client also in this repo code ?
There is one confidential client added to server and ready to work:
clientId: confidentialApplication
secret: topSecret
I am using Authorization in the header. Here is my current request.
POST /oauth/token HTTP/1.1
Host: 10.80.141.163:3000
Authorization: Basic YXBwbGljYXRpb246c2VjcmV0
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 7e612cbb-25eb-98f6-8619-68f7b1fbac8e
grant_type=client_credentials
Im using the default client
clientId: application
secret: secret
from node-oauth2-server-mongo-example.
vsantoro
commented on July 17, 2024
does my request look correct ?
from node-oauth2-server-mongo-example.
pedroetb
commented on July 17, 2024
My bad, this repo is outdated compared to the other one. There is no support for client_credentials grant type by now.
Soon I hope to spend some time updating these projects, to have the same possibilities. And maybe, upgrade to next major version (3.x) of oauth2-server.
Your last request seems ok, by the way!
from node-oauth2-server-mongo-example.
pedroetb
commented on July 17, 2024
Working at eb7356e
from node-oauth2-server-mongo-example.
Related Issues (9)
- how do you - You can call the loadExampleData function at model.js in order to create these entries automatically. HOT 5
- Invalid grant: refresh token is invalid HOT 1
- MongoDB atlas? HOT 1
- can this play nicely with Next-authJS HOT 3
- HTTPS instead of HTTP HOT 1
- REQ : upgrade oidc HOT 2
- scope implementation HOT 1
- Can't generate refresh token with grant type refresh_token HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-oauth2-server-mongo-example.