Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 208 Big Data Appliance
- 1.9K Data Science
- 447.9K Databases
- 220.9K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 522 MySQL Community Space
- 465 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 490 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.1K SQL & PL/SQL
- 21K SQL Developer
- 293.2K Development
- 7 Developer Projects
- 128 Programming Languages
- 289.9K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 150 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 260 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 225 Portuguese
OAuth token - 401 Unauthorized
I followed the instructions here and here to secure the service here and used this Firefox add-on to send a request to the /oauth/token endpoint with Basic authentication provided the client_id and client_secret from the user_ords_clients view and POST body grant_type=client_credentials but I get a 401/Unauthorized
This support note talks about a WebLogic setting enforce-valid-basic-auth-credentials=false to disable Basic authentication but I am not sure whether apex.oracle.com uses WLS or Tomcat. Besides, on our own environment, we use Tomcat and we see the same error. Is there a equivalent setting for Tomcat? Or is there something else going on here?
Any ideas?
Thanks
Answers
-
-
tell us what you're doing, in detail
-
I thought I did. I followed the articles I linked to setup a REST service. When it is not secured using a role/privilege, it works fine. When I add a client using the OAUTH API and secure the service using a Oauth client credentials, I am unable to access the /oauth/token endpoint to retrieve the Bearer token.
-
The steps are in this article https://learncodeshare.net/2018/12/10/how-to-secure-your-ords-service/
curl -i -k --user X:Y --data "grant_type=client_credentials" https://apex.oracle.com/pls/apex/vikasa/oauth/token
where X:Y are the client_id:client_secret values from the user_ords_clients view
returns a 401/Unauthorized error
Any ideas?
-
i'd rather not read through the articles and guess what you did
you mention wls, tomcat...but are you using those?
"I am unable to access the /oauth/token endpoint to retrieve the Bearer token."
Show us?
-
you're on apex.oracle.com - that's hosted, and i'm not sure it supports the oauth2 workflow
In general we assume you've installed oracle, apex, and ORDS yourself when posting questions here...if you're using apex.oracle.com, that's a different rig/setup altogether, and better answered/supported over in the APEX specific community or their slack channel
-
Fair enough. See my last post. On my own environment, I am using Tomcat. But for the purpose of demonstrating the problem, I am using apex.oracle.com. The symptoms I see are identical so I thought it makes sense to use when seeking help on this forum.
Anyway, on my own environment, the /ords/hr/employees/7788 endpoint works fine which would indicate that ORDS is setup correctly and talking to the ORDS metadata engine.
However, when I use OAUTH.create_client, OAUTH.grant_client_role and then attempt to use the /ords/hr/oauth/token endpoint using curl, I get a 401 error instead of the Bearer token.
How can I troubleshoot this?
-
You should be going somewhere like here to get your token
curl -i -k \--user [client_id]:[client_secret] \--data "grant_type=client_credentials"\https://[obfuscated.com/ords/schema/oauth/token
If you're using SQLDev web, we make it easy to get your token, or we'll even generate the cURL command for you
That talks about autonomous, but will work anywhere you have ords 20.4 going and sqldev web enabled
-
Yes, that's exactly the curl command I am using but it throws a 401 error! My ORDS version is 19.4
-
are you sure your client id and secret are right? are you sure your oauth client has the proper privs? apparently not, hence the 401
