1 Reply Latest reply on Sep 21, 2016 9:29 AM by Chris Menten

Getting Unauthorized when trying to obtain token from OAuth2.0 (ORDS 3.0.6)

Hawk333 Sep 15, 2016 8:42 AM

I am trying to implement Two-legged OAuth2 following this tutorial: http://www.cloudnueva.com/blog/archives/08-2016

I am using ORDS 3.0.6. I managed to follow the instructions up to 'Obtaining An Authorization Token' where I keep getting ' 401 Unauthorized'.

Here are my steps (from schema called 'AUDIT'):

--Enable schema:
BEGIN
ORDS.ENABLE_SCHEMA(
   TRUE,
   'AUDIT');
END;
/

--Define module
begin
ORDS.define_module(
   'v1',
   'v1/');
END;
/

--define template
BEGIN
ords.define_template(
      'v1',
      'customer/');
END;
/

--define handler:
BEGIN
ORDS.define_handler(
      'v1',
      'customer/',
      'GET',
      ords.source_type_collection_feed,
      'SELECT 1 from dual');
      commit;
END;
/

I can call the service successfully using 'https://example.com/ords/audit/v1/customer'

Then I continue with the steps as follows:

--Create privilege:
begin
  ords.create_privilege(
      p_name => 'audit.customer',
      p_role_name => NULL,
      p_label => 'Customer Service Privilege',
      p_description => 'Provide access to the customer service');
  COMMIT;
END;
/

--Create validation mapping:
begin
ords.create_privilege_mapping(
      p_privilege_name => 'audit.customer',
      p_pattern => '/v1/customer');   
  commit;
end;
/

--I run validation queries on both tables 'user_ords_privileges' and 'user_ords_privilege_mappings', and they return correct result

--Create new client:
begin
oauth.create_client(
      p_name => 'ABC INC Sales System',
      p_description => 'Sales System for ABC INC.',
      p_grant_type => 'client_credentials',
      p_privilege_names => 'audit.customer',
      p_support_email => 'fred@abcinc.com');
commit;
END;
/

I ran the query below, and got the client id and secret:

select client_id,client_secret from user_ords_clients;

Now when I try to obtain a session token, (using Postman) I key in the client ID in the username field. And the client secret in the password field. I also add the pair (grant-type/client_credentials) to the body. When I try to send POST request, I get '401 Unauthorized'.

What could be wrong here? And is there any way to debug this?

Thank you

1. Re: Getting Unauthorized when trying to obtain token from OAuth2.0 (ORDS 3.0.6)

Chris Menten Sep 21, 2016 9:29 AM (in response to Hawk333)

Why are you sending a POST request?
Looking at your code, you only set up a handler for handling GET requests.

I prefer using cURL to test my services, haven't used Postman yet.
For Client credentials flow you can do this with the following commands (replace the bold text with your own data)

curl -i --user clientId:clientSecret --data "grant_type=client_credentials" https://example.com/ords/audit/oauth/token

This will give a response with your accessToken. Remember to use the correct URL here (ending with oauth/token) to request your token.

curl -i -H "Authorization: Bearer accessToken" https://example.com/ords/audit/v1/customer

This should give you the correct response if you requested it within the correct timeframe of the accessToken (usually 1 hour).
Like Show 0 Likes(0)

Actions