Two-legged OAuth flow (client credentials) not working as expected

Hi,

I am trying to use the client credentials flow to build a connector for my application.

https://docs.celigo.com/hc/en-us/articles/11933835192859-Create-an-OAuth-2-0-iClient-resource#:~:text=for%20Code%20Exchange)-,Client%20credentials,-Password%20credentials

My server exposes two endpoints:

/token POST
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..

Response:
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..",
"expiresAt": "timestamp"
}


/tokeninfo POST
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NT..

Response:
{
"expiry": 12038129038...
}

The access token returned from the first API is used to make API calls to other endpoints.

When I try to test this connection, I can see in my server logs that the call to /token is never made, and instead the call to /tokeninfo is made directly.

Here is the configuration:


7 comments
  • Sagar Vrajalal what response do you get back from /tokeninfo if the token passed is old/bad/not there? We make calls to the /tokeninfo first and if we get a 401 back, we go through the process of getting a new token and retesting against /tokeninfo. However, some APIs return a 200 every time, so you may need to configure "Override HTTP status code for auth errors" under the "non API response patterns" section if you get something other than 401 for bad tokens.

  • Hi Tyler Lamparter

    Thanks, that was the problem. The API was returning a 400 status code. Changing it to 401 worked.

    What placeholder value do I use to then send the token to /tokeninfo?

    I tried

    {
    "token": "{{connection.http.auth.token.token}}"
    }

    and

    {
    "token": "{{connection.http.token.token}}"
    }

    but neither seems to hold the token.

  • UPDATE: Fixed

    I had to set "Override path to access token field in the HTTP response body" to "accessToken" (Default is access_token, but my API returns camelCase)

  • Does this flow also handle automatic token refreshing, I wonder?

  • Sagar Vrajalal glad you figured it out! Yes it does. When we hit a 401 or hit the 400 from a normal call, we will go get a new token automagically.

  • Ah, interesting!

    What's the behavior if the 401 or 400 isn't caused by a bad / expired token?

    Does it just keep retrying the call? Is there a way to customize this?

    Tyler Lamparter

  • Sagar Vrajalal there are 2 options. If your application doesn't follow standard HTTP protocols and returns a 401 for "Unauthorized", then you can either specify a status code it returns that indicates an auth error, or you can populate a path to an auth error field and note what value indicates an auth error. If there could be multiple codes, you can comma-separate them in the field.

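The check-then-refresh behaviour the comments describe (probe /tokeninfo first, fetch a new token from /token only when the status is one configured as an auth error, and read the token from a configurable field of the /token response), as an added example in Python; this is not Celigo's code or the poster's, and FakeServer is a constructed stand-in for the poster's API that returns 400 for bad tokens and camelCase "accessToken".

```python
from dataclasses import dataclass

# Constructed stand-in for the poster's API (not Celigo's code): /token mints a
# token and returns it under camelCase "accessToken"; /tokeninfo answers 400,
# not 401, when the bearer token is missing or unknown.
class FakeServer:
    def __init__(self):
        self.valid, self.calls, self.counter = set(), [], 0

    def request(self, path, token):
        self.calls.append(path)
        if path == "/token":
            self.counter += 1
            tok = f"tok{self.counter}"
            self.valid.add(tok)
            return 200, {"accessToken": tok, "expiresAt": "timestamp"}
        if path == "/tokeninfo":
            if token in self.valid:
                return 200, {"expiry": 12038129038}
            return 400, {"error": "invalid token"}
        raise ValueError(f"unknown path {path}")


@dataclass(frozen=True)
class AuthConfig:
    auth_error_codes: frozenset = frozenset({401})  # "Override HTTP status code for auth errors"
    access_token_path: str = "access_token"          # "Override path to access token field ..."


def check_connection(server, cfg, token=None):
    """Probe /tokeninfo; on a configured auth-error status fetch one new token
    from /token and re-probe. Any other failure is raised, never retried."""
    status, _ = server.request("/tokeninfo", token)
    if status == 200:
        return token
    if status not in cfg.auth_error_codes:
        raise RuntimeError(f"/tokeninfo returned HTTP {status}, not treated as an auth error")
    status, body = server.request("/token", token)
    if status != 200 or cfg.access_token_path not in body:
        raise RuntimeError(f"no '{cfg.access_token_path}' field in /token response")
    new_token = body[cfg.access_token_path]
    status, _ = server.request("/tokeninfo", new_token)
    if status != 200:
        raise RuntimeError(f"freshly issued token rejected with HTTP {status}")
    return new_token
```

With the default AuthConfig the 400 is surfaced as an error and /token is never called, which is the symptom in the original post; only with 400 added to the auth-error codes and the field path set to "accessToken" does the refresh complete.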
