Digital Developer Conference: a FREE half-day online conference focused on AI & Cloud – North America: Nov 2 – India: Nov 9 – Europe: Nov 14 – Asia Nov 23 Register now

Close outline
  • United States
IBM?
  • Site map
IBM?
  • Marketplace

  • Close
    Search
  • Sign in
    • Sign in
    • Register
  • IBM Navigation
IBM Developer Answers
  • Spaces
    • Blockchain
    • IBM Cloud platform
    • Internet of Things
    • Predictive Analytics
    • Watson
    • See all spaces
  • Tags
  • Users
  • Badges
  • FAQ
  • Help
Close

Name

Community

  • Learn
  • Develop
  • Connect

Discover IBM

  • ConnectMarketplace
  • Products
  • Services
  • Industries
  • Careers
  • Partners
  • Support
10.190.13.195

Refine your search by using the following advanced search options.

Criteria Usage
Questions with keyword1 or keyword2 keyword1 keyword2
Questions with a mandatory word, e.g. keyword2 keyword1 +keyword2
Questions excluding a word, e.g. keyword2 keyword1 -keyword2
Questions with keyword(s) and a specific tag keyword1 [tag1]
Questions with keyword(s) and either of two or more specific tags keyword1 [tag1] [tag2]
To search for all posts by a user or all posts with a specific tag, start typing and choose from the suggestion list. Do not use a plus or minus sign with a tag, e.g., +[tag1].
  • Ask a question

How to generate the access token using OAuth2 SSO service

2700072W19 gravatar image
Question by Sarah Magdy  (18) | Jul 02, 2014 at 05:56 AM how-tossoserviceibmcloud

Hello, I'm trying to use the OAuth2 SSO service to authenticate the user using LinkedIn. I've done the below steps: 1- Provisioned,bound and configured the SSO service on Bluemix 2- Saved the generated client ID and client Secret in application's config file. 3- Redirected the user to the "authorize_url" appending the generated "client_id". 4- Got redirected to the app's redirect URI with the generated code.

My problem is in the next step, I need to generated the access token in order to access the user's profile. The problem is when I try to hit the "token_url" posting the following parameters: grant_type=authorization_code&code=&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>

I get the below error: {"error":"invalid_client","error_description":"FBTOAU220E The authenticated client id: 'http://www.linkedin.com/XXXXX' does not match the client id in the request body: '<generated_client_id>'."}

Any suggestions? Thanks

People who like this

  0
Comment
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

2 answers

  • Sort: 
110000R98V gravatar image

Answer by Shane Weeden (455) | Jul 02, 2014 at 05:15 PM

Yes - your connection to the token endpoint is including browser cookies from the authenticated session between the end user and the authorize endpoint. Are you running your app "in the browser"? The communications between the application and the token endpoint should be separate from that between the browser and the authorize endpoint.

Comment

People who like this

  0   Show 3   Share
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
270002T3RU gravatar image EusebiuMarcu (1)   Oct 22, 2014 at 10:54 AM 0
Share

I have the same problem with the current version of BlueMix SSO. In my case I have a Cordova based app which is using the InAppBrowser to do the above steps 1-4. When I am requesting the access token, I get the same error. The call to the token end point is done via $.ajax(...) from the main Cordova app (not from the InAppBrowser). The main difference is that I am using IBM SSO Service (not LinkedIn).

Do I need to go to native code?

110000R98V gravatar image Shane Weeden (455)   Oct 26, 2014 at 07:23 PM 0
Share

Either go to native code, or figure out a way to have your ajax call from the Cordova app NOT send browser session cookies. I am not familiar enough with Cordova to provide more specific advise than that.

310001NNQ2 gravatar image gkaradi (1) Shane Weeden (455)   Apr 15, 2016 at 07:39 PM 0
Share

Hi Shane,

I am testing the Oauth using browser. I was able to test it by using two different browsers. I am not getting this, however when I invoke the authorize end point act on the user consent. I get the authroization code. If I hit the URL again on the same browser after sometime, it wont prompt for authentication(whcih makes sense). but it does not show me a new authorization code either. Am I missing something? is it suppose to behave this way since the User provides consent once and its upto client to capture the authorization code to get AT in next steps? Thanks in advance...

Thanks, GK

2700072W19 gravatar image

Answer by Sarah Magdy (18) | Jul 03, 2014 at 10:22 AM

Hi Shane, thanks for your help. Exactly, my problem was using the browser to hit the token endpoint posting the necessary parameters. Now it's working fine after connecting directly from the application to the token endpoint. Thanks!

Comment

People who like this

  0   Share
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

Follow this question

2 people are following this question.

Answers

Answers & comments

Related questions

SSO Service Creation Error 2 Answers

Cannot bind sso to my nodejs app 2 Answers

How to get rid of pop ups during facebook sso login 2 Answers

How to modify server.xml of liberty in DevOps 2 Answers

SSO Service (Beta) - Will custom IdPs be supported? 1 Answer

  • Contact
  • Privacy
  • IBM Developer Terms of use
  • Accessibility
  • Report Abuse
  • Cookie Preferences

Powered by AnswerHub

Authentication check. Please ignore.
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • API Connect
  • Analytic Hybrid Cloud Core
  • Application Performance Management
  • Appsecdev
  • BPM
  • Blockchain
  • Business Transaction Intelligence
  • CAPI
  • CAPI SNAP
  • CICS
  • Cloud Analytics
  • Cloud Automation
  • Cloud Object Storage
  • Cloud marketplace
  • Collaboration
  • Content Services (ECM)
  • Continuous Testing
  • Courses
  • Customer Experience Analytics
  • DB2 LUW
  • Data and AI
  • DataPower
  • Decision Optimization
  • DevOps Build
  • DevOps Services
  • Developers IBM MX
  • Digital Commerce
  • Digital Experience
  • Finance
  • Global Entrepreneur Program
  • Hadoop
  • Hybrid Cloud Core
  • Hyper Protect
  • IBM Cloud platform
  • IBM Design
  • IBM Forms Experience Builder
  • IBM Maximo Developer
  • IBM StoredIQ
  • IBM StoredIQ-Cartridges
  • IIDR
  • ITOA
  • InformationServer
  • Integration Bus
  • Internet of Things
  • Kenexa
  • Linux on Power
  • LinuxONE
  • MDM
  • Mainframe
  • Messaging
  • Node.js
  • ODM
  • Open
  • PartnerWorld Developer Support
  • PowerAI
  • PowerVC
  • Predictive Analytics
  • Product Insights
  • PureData for Analytics
  • Push
  • QRadar App Development
  • Run Book Automation
  • Search Insights
  • Security Core
  • Storage
  • Storage Core
  • Streamsdev
  • Supply Chain Business Network
  • Supply Chain Insights
  • Swift
  • UBX Capture
  • Universal Behavior Exchange
  • UrbanCode
  • WASdev
  • WSRR
  • Watson
  • Watson Campaign Automation
  • Watson Content Hub
  • Watson Marketing Insights
  • dW Answers Help
  • dW Premium
  • developerWorks Sandbox
  • developerWorks Team
  • Watson Health
  • More
  • Tags
  • Questions
  • Users
  • Badges