Sso post err

Karan_Care · March 17, 2022, 8:28pm

Im using openresty
When I get the authorization code, I always get an error 404 when I send a post request to sso.

openresty log:
2022/03/18 04:13:25 [debug] 29706#0: *63 [lua] http.lua:638: send_request(): {“body”:“grant_type%3Dauthorization_code%26code%3Dmycode”,“path”:"/v2/oauth/toke",“headers”:{“Content-Length”:63,“Authorization”:“Basic somestring”,“User-Agent”:“lua-resty-http/0.12 (Lua) ngx_lua/10020”,“Host”:“login.eveonline.com”,“Content-Type”:“application/x-www-form-urlencoded”},“query”:"",“method”:“POST”}
2022/03/18 04:13:26 [debug] 29706#0: *63 [lua] callback.lua:61: https://login.eveonline.com/v2/oauth/toke

where is the error
Thanks for the kind help

Blacksmoke16 · March 18, 2022, 1:15am

Looks like you’re missing the n on your request URI. I.e. /v2/oauth/token not /v2/oauth/toke.

Karan_Care · March 18, 2022, 1:32am

thank you for your seriousness
while i change th URI, it returned as 400 {“error”:“invalid_grant”,“error_description”:“Grant type is not supported.”}

Karan_Care · March 18, 2022, 1:33am

thank you for your seriousness
while i change th URI, it returned as 400 {“error”:“invalid_grant”,“error_description”:“Grant type is not supported.”}

Karan_Care · March 18, 2022, 1:34am

I was always stuck here 400 before

Karan_Care · March 18, 2022, 2:05am

curl -XPOST -v -H “Content-Type:application/x-www-form-urlencoded” -H “Authorization:Basic url_safe_base64_string” -d ‘grant_type=authorization_code&code=X00WzkDmt0W86MpDVMWWgA’ https://login.eveonline.com/v2/oauth/token

return {“error”:“invalid_grant”,“error_description”:“Grant type authorization_code is not supported.”}

curl -XPOST -v -H “Content-Type:application/x-www-form-urlencoded” -H “Authorization:Basic url_safe_base64_string” -d ‘grant_type%3Dauthorization_code%26code%3DX00WzkDmt0W86MpDVMWWgA’ https://login.eveonline.com/v2/oauth/token

return {“error”:“invalid_grant”,“error_description”:“Grant type is not supported.”}

where is the diff? and why

Blacksmoke16 · March 18, 2022, 2:16am

Hmm, i was able to reproduce this. Give me a few to figure it out.

Blacksmoke16 · March 18, 2022, 2:22am

I think the gist of it is your authorization header isn’t right, but the error is less the clear…

To debug this, you should ensure that base64_encode("CLIENT_ID:CLIENT_SECRET") results in Q0xJRU5UX0lEOkNMSUVOVF9TRUNSRVQ=. Which might be as simple as removing the , true on ngx.encode_base64.

Karan_Care · March 18, 2022, 2:48am

Thanks for your suggestion, I finally got the correct result .

OAuth 2.0 for Web Based Applications

Create a URL safe Base64 encoded string where the contents before encoding are your application’s client ID, followed by a :, followed by your application’s secret key (e.g. URL safe Base64(<client_id>:<secret_key>)).

not URL safe Base64(<client_id>:<secret_key>), the true just is Base64(<client_id>:<secret_key>)

Blacksmoke16 · March 19, 2022, 12:41am

I created a PR to make this clearer in the docs: Clarify Auth header requirements by Blacksmoke16 · Pull Request #68 · esi/esi-docs · GitHub.

In the end I don’t think it really matters if it was URL safe or not given, in my limiting testing, doesn’t ever include those chars anyway. The crux of the problem in your case was the lack of padding.

system · June 17, 2022, 12:41am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ESI SSO POST request error JS Third Party Developers	3	530	October 18, 2021
Can't get token from SSO - Grant type authorization_code is not supported Third Party Developers	15	1177	May 7, 2022
ESI SSO POST error Invalid Grant Third Party Developers esi	5	948	May 3, 2022
Issue with SSO authentication Third Party Developers	3	1131	October 21, 2018
ESI: Unknown grant_type while trying to get access token Third Party Developers	3	1007	November 19, 2018

Sso post err

Related topics