Hello, I'm trying to use the OAuth2 SSO service to authenticate the user using LinkedIn. I've done the below steps:
1- Provisioned, bound and configured the SSO service on Bluemix
2- Saved the generated client ID and client Secret in application's config file.
3- Redirected the user to the "authorize_url" appending the generated "client_id".
4- Got redirected to the app's redirect URI with the generated code.
My problem is in the next step, I need to generate the access token in order to access the user's profile. The problem is when I try to hit the "token_url" posting the following parameters: grant_type=authorization_code&code=&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>
I get the below error: {"error":"invalid_client","error_description":"FBTOAU220E The authenticated client id: 'http://www.linkedin.com/XXXXX' does not match the client id in the request body: '<generated_client_id>'."}
Any suggestions? Thanks
Answer by Shane Weeden (455) | Jul 02, 2014 at 05:15 PM
Yes - your connection to the token endpoint is including browser cookies from the authenticated session between the end user and the authorize endpoint. Are you running your app "in the browser"? The communications between the application and the token endpoint should be separate from that between the browser and the authorize endpoint.
I have the same problem with the current version of BlueMix SSO. In my case I have a Cordova based app which is using the InAppBrowser to do the above steps 1-4. When I am requesting the access token, I get the same error. The call to the token end point is done via $.ajax(...) from the main Cordova app (not from the InAppBrowser). The main difference is that I am using IBM SSO Service (not LinkedIn).
Do I need to go to native code?
Either go to native code, or figure out a way to have your ajax call from the Cordova app NOT send browser session cookies. I am not familiar enough with Cordova to provide more specific advice than that.
Hi Shane,
I am testing the OAuth using browser. I was able to test it by using two different browsers. I am not getting this, however when I invoke the authorize end point act on the user consent. I get the authorization code. If I hit the URL again on the same browser after some time, it won't prompt for authentication (which makes sense), but it does not show me a new authorization code either. Am I missing something? Is it supposed to behave this way since the user provides consent once and it's up to the client to capture the authorization code to get the AT in the next steps? Thanks in advance...
Thanks, GK
Answer by Sarah Magdy (18) | Jul 03, 2014 at 10:22 AM
Hi Shane, thanks for your help. Exactly, my problem was using the browser to hit the token endpoint posting the necessary parameters. Now it's working fine after connecting directly from the application to the token endpoint. Thanks!
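The separation described in the accepted answer, as an added example that is not part of the original thread: the application's backend posts the authorization code to the token endpoint over its own connection, with no cookie jar, so no browser session from the authorize step can reach that request. `TOKEN_URL`, the credentials and the redirect URI are assumed placeholders; the form fields are the ones listed in the question.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed placeholders: take the real values from the bound SSO service credentials.
TOKEN_URL = "https://sso.example.invalid/token"
CLIENT_ID = "generated-client-id"
CLIENT_SECRET = "generated-client-secret"
REDIRECT_URI = "https://app.example.invalid/callback"


def build_token_request(code):
    """Build the back-channel POST. It starts from a fresh Request, so no
    header from the user's browser (Cookie in particular) is carried over."""
    if not code:
        raise ValueError("authorization code is empty")
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }).encode("ascii")
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Accept", "application/json")
    return req


def exchange_code(code, opener=None):
    """Send the request from the server side and return the parsed JSON reply."""
    # build_opener() without HTTPCookieProcessor keeps no cookie jar, so the
    # token endpoint only sees the client_id sent in the request body.
    opener = opener or urllib.request.build_opener()
    try:
        with opener.open(build_token_request(code), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # Error replies such as {"error": "invalid_client", ...} are JSON too.
        return json.load(err)
```

Keeping this call on the server also keeps `client_secret` out of the browser or WebView.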