
Resource owner password credentials grant failing #158

Closed
Nosherwan opened this issue May 8, 2019 · 11 comments
Assignees
Labels
support Further information is requested or user requires assistance

Comments

@Nosherwan

Description

I am trying to get tokens on behalf of a user by using the /oauth2/token endpoint. However, I receive different errors based on the following code in my web server app:

import Axios from 'axios';

// Request as originally posted: the body is passed as a plain object, so
// axios serializes it as JSON rather than as a form-encoded body.
async function getTokenForUser(fusionAuthBaseUrl: string) {
  const url = `${fusionAuthBaseUrl}/oauth2/token`;
  const encodedSecret = Buffer.from('clientId:clientSecret').toString('base64');
  return Axios({
    method: 'POST',
    url,
    headers: {
      Authorization: `Basic ${encodedSecret}`,
    },
    data: {
      client_id: 'client_id',
      grant_type: 'password',
      username: "my@email.com",
      password: "password"
    }
  })
    .catch((error: any) => {
      console.log('FusionAuth userinfo call failed with error:', error);
    });
}

I suspect there is some requirement for the call that I have missed.

@robotdan
Member

robotdan commented May 8, 2019

Can you provide the error you're seeing?

Also, in your example code, assuming you're using the actual client Id and client secret in the authorization header and the request body?

For example, if ee31103f-2fc1-4bb5-ba95-ac543693503e and NcfHC6c8PVINFxuoap7tnILx0-ZJCl1U are your client Id and client secret respectively, then the Authorization header would look like this:

const encodedSecret = Buffer.from(
  'ee31103f-2fc1-4bb5-ba95-ac543693503e' +
  ':' +
  'NcfHC6c8PVINFxuoap7tnILx0-ZJCl1U').toString('base64');

// code

data: {
  client_id: 'ee31103f-2fc1-4bb5-ba95-ac543693503e',
  grant_type: 'password',
  username: "my@email.com",
  password: "password"
}

It looks like Axios defaults to the correct Content-Type header, but ensure you're sending a Content-Type header of application/x-www-form-urlencoded.

@robotdan robotdan self-assigned this May 8, 2019
@robotdan robotdan added the support Further information is requested or user requires assistance label May 8, 2019
@Nosherwan
Author

Yes, all of the above are being sent as you have suggested already. I just replaced the actual ids in the code above.
The error that I get is:
data: { error: 'invalid_request', error_description: 'The request is missing a required parameter: grant_type', error_reason: 'missing_grant_type' } } }

@robotdan
Member

robotdan commented May 8, 2019

Can you confirm the Content-Type header is set correctly? The request body looks correct otherwise, but I am not familiar with axios.

@Nosherwan
Author

Yes, I have specifically set the Content-Type in the header as you requested, and still got the same error.

@robotdan
Member

robotdan commented May 8, 2019

There must be something strange about how axios is encoding the request body.

Your issue looks to be similar to this one.

https://medium.com/@siwanyt/axios-x-www-form-urlencoded-issue-55de9564f8c0
Axios Issue #362 - Content-Type application/x-www-form-urlencoded

@Nosherwan
Author

Thanks @robotdan, yes, that was the issue; I had to encode the data. I am however not getting a refresh_token, only an access_token.

@robotdan
Member

robotdan commented May 8, 2019

In order to receive a refresh token, you'll need to add the offline_access scope parameter to the request.

https://fusionauth.io/docs/v1/tech/oauth/endpoints#resource-owner-password-credentials-grant-request.

@Nosherwan
Author

Thanks @robotdan that solves it 👍🏼

@robotdan robotdan closed this as completed May 8, 2019
@RameshDev92

Hi @Nosherwan

Can you please share with me the sample code on how to get a token using resource owner password credentials?
I am getting an error 'invalid client id param value'.

let encoded_values = base64.encode('client id : client secret');
axios({
  method: 'post',
  url: '',
  headers: {
    'Content-type': 'application/x-www-form-urlencoded;charset=UTF-8',
    'Authorization': "Basic " + encoded_values,
  },
  data: qs.stringify({
    grant_type: "password",
    username: "username",
    password: "pw",
    scope: "scope"
  })
})
  .then((response) => {
    alert(response)
  })
  .catch((error) => {
    alert(JSON.stringify(error.response))
  });

@Nosherwan
Author

Nosherwan commented Jun 23, 2019

@RameshAmzur, the sample code is exactly as above, with the only difference being that I encode the data before sending it via the stringify function from an npm package called 'querystring'.
In your code, try not to set Content-Type at all.

import Axios from 'axios';
import { stringify } from 'querystring';

// Working version: the body is form-encoded with stringify before it is sent.
async function getTokenForUser(fusionAuthBaseUrl: string) {
  const url = `${fusionAuthBaseUrl}/oauth2/token`;
  const encodedSecret = Buffer.from('clientId:clientSecret').toString('base64');
  return Axios({
    method: 'POST',
    url,
    headers: {
      Authorization: `Basic ${encodedSecret}`,
    },
    data: stringify({
      client_id: 'client_id',
      grant_type: 'password',
      username: "my@email.com",
      password: "password"
    })
  })
    .catch((error: any) => {
      console.log('FusionAuth userinfo call failed with error:', error);
    });
}

@RameshDev92

Thank you @Nosherwan.
It is working.
Can you please tell me how you validated the token from the back end? If you have any documentation, please share it with me.
We have downloaded the source code from Oracle with this link:
http://cloudtest.khamsoft.com/ClientWebApp/index.html

But with this code we are getting a 401 Unauthorized error while validating the token. The same class is working for validating the Authorization Code flow.
Do we have to make any changes at the OAM level to validate the token?

Thank you.
