1 Reply Latest reply on Jul 11, 2019 7:49 AM by james1.hicks

    Invalid Client error when using Oath2 Resource Owner Grant method for API Authentication, Response of Client ID is null?

    james1.hicks Novice

      Been using the Jive API on a Cloud IDE for past few years. Having to migrate away and develop locally on Windows and running into issues.

       

      When I use the Resource Owner Grant method described in OAuth 2.0—Creating a Client and Managing Access  to get the access token.

       

      I'm running the below command:

      curl -u '<client_id>:<client_secret>' -d 'grant_type=password&username=<username>&password=<password>' -insecure -k https://mysite.com/oauth2/token

      The response on the Cloud IDE, outside of our proxy, is:

      {"access_token":"*****","refresh_token":"****","token_type":"bearer","expires_in":"172799"}

      When running on my local computer I get:

      * Uses proxy env variable https_proxy == 'http://proxy.mysite.com:8080'

      *  * TCP_NODELAY set

      * Connected to proxy.mysite.com (***) port 8080 (#0)

      * allocate connect buffer!

      * Establish HTTP proxy tunnel to atlas.dish.com:443

      * Server auth using Basic with user '***'

      > CONNECT jive-site.com:443 HTTP/1.1

      > Host: jive-site.com:443

      > User-Agent: curl/7.65.1

      > Proxy-Connection: Keep-Alive

      >

      < HTTP/1.1 200 Connection established

      HTTP/1.1 200 Connection established

      <

       

       

      * Proxy replied 200 to CONNECT request

      * CONNECT phase completed!

      * ALPN, offering h2

      * ALPN, offering http/1.1

      * successfully set certificate verify locations:

      *   CAfile: C:/Users/Me/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt

        CApath: none

      * TLSv1.3 (OUT), TLS handshake, Client hello (1):

      * CONNECT phase completed!

      * CONNECT phase completed!

      * TLSv1.3 (IN), TLS handshake, Server hello (2):

      * TLSv1.2 (IN), TLS handshake, Certificate (11):

      * TLSv1.2 (IN), TLS handshake, Server key exchange (12):

      * TLSv1.2 (IN), TLS handshake, Server finished (14):

      * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

      * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

      * TLSv1.2 (OUT), TLS handshake, Finished (20):

      * TLSv1.2 (IN), TLS handshake, Finished (20):

      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

      * ALPN, server did not agree to a protocol

      * Server certificate:

      *  subject: CN=vanityurl.jiveon.com

      *  start date: Apr 23 16:22:43 2019 GMT

      *  expire date: Jul 22 16:22:43 2019 GMT

      *  issuer: C=US; ST=*; L=*; O=*; OU=*; CN=*; emailAddress=*

      *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

      * Server auth using Basic with user '*'

      > POST /oauth2/token HTTP/1.1

      > Host: jive-site.com

      > Authorization: Basic ***

      > User-Agent: curl/7.65.1

      > Accept: */*

      > Referer: cure

      > Content-Length: 85

      > Content-Type: application/x-www-form-urlencoded

      >

      * upload completely sent off: 85 out of 85 bytes

      * Mark bundle as not supporting multiuse

      < HTTP/1.1 400 Bad Request

      HTTP/1.1 400 Bad Request

      < Server: openresty/1.13.6.2

      Server: openresty/1.13.6.2

      < Content-Type: application/json;charset=ISO-8859-1

      Content-Type application/json;charset=ISO-8859-1

      < Expires: Sun, 30 Jun 2019 19:40:45 GMT

      Expires: Sun, 30 Jun 2019 19:40:45 GMT

      < Cache-Control: no-cache

      Cache-Control: no-cache

      < Pragma: no-cache

      Pragma: no-cache

      < x-jive-request-id: f43d32b0-9b6e-11e9-b0ca-0242ac108509

      x-jive-request-id: f43d32b0-9b6e-11e9-b0ca-0242ac108509

      < x-jive-flow-id: f43d32b1-9b6e-11e9-b0ca-0242ac108509

      x-jive-flow-id: f43d32b1-9b6e-11e9-b0ca-0242ac108509

      < strict-transport-security: max-age=604800; includeSubDomains; preload

      strict-transport-security: max-age=604800; includeSubDomains; preload

      < x-frame-options: SAMEORIGIN

      x-frame-options: SAMEORIGIN

      < p3p: CP="CAO PSA OUR"

      p3p: CP="CAO PSA OUR"

      < x-jive-user-id: -1

      x-jive-user-id: -1

      < x-xss-protection: 1; mode=block

      x-xss-protection: 1; mode=block

      < x-content-type-options: nosniff

      x-content-type-options: nosniff

      < Content-Language: en

      Content-Language: en

      < Strict-Transport-Security: max-age=15768000; includeSubDomains

      Strict-Transport-Security: max-age=15768000; includeSubDomains

      < Date: Sun, 30 Jun 2019 19:40:45 GMT

      Date: Sun, 30 Jun 2019 19:40:45 GMT

      < Connection: close

      Connection: close

      < Set-Cookie: route=*; Path=/

      Set-Cookie: route=*; Path=/

      < Set-Cookie: jive.login.ts=1561923645787; Path=/; Secure; HttpOnly

      Set-Cookie: jive.login.ts=1561923645787; Path=/; Secure; HttpOnly

      < Set-Cookie: JSESSIONID=*; Path=/; Secure; HttpOnly

      Set-Cookie: JSESSIONID=*; Path=/; Secure; HttpOnly

       

       

      <

       

       

       

      {"error":"invalid_client","error_description":"The client ID is invalid or not registered: null"}

      * Closing connection 0

      * TLSv1.2 (OUT), TLS alert, close notify (256):

      I see from the above that I get a connection of 200, so I am assuming I am making contact with Jive servers. But then I get a response of 400 and the bolded part I see the client ID is invalid or not registered and is null. We've been using this client_id and client_secret for a few years so I know they work.

       

      Anyone have any idea why this isn't working on Windows? I believe I am getting through the proxy, with the 200 initial status, but the client ID isn't being read? Is there a syntax difference with the command on Windows?

       

      Thank you,

      James