I'm trying to build up an OAuth2 provider with Doorkeeper and I wanted to test all existing flows, but got stuck at the first attempt.

I'm trying to test the authorization code flow. Everything works fine on getting the authorization code, but once I try to get the access token something goes wrong. Below are some of the steps.

      describe 'when sends an access token request' do

        let(:access_params) do
          { grant_type:  'authorization_code',
            code:         authorization_code,
            redirect_uri: application.redirect_uri }
        end

        let(:access_uri) { '/oauth/token' }

        before { page.driver.post access_uri, access_params }

        it 'returns valid json' do
          pp page.source
        end
      end

I was expecting the JSON with the final access token, but I got this error. I checked the client and the params pretty well. All seems fine to me.

        {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}

Can you help me understand what is missing? Thanks

Solution

I finally got it to work. I missed one important aspect of the OAuth2 specs, where the client must identify itself using basic auth. I solved it by adding it before the post, and it worked pretty well.

      before do
        page.driver.browser.authorize application.uid, application.secret
        page.driver.post access_uri, access_params
      end

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
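
As an added example (not part of the original question or answer, and not Doorkeeper's own code), this simplified Ruby model shows why the first request is rejected with `invalid_client` and the two ways RFC 6749 section 2.3.1 lets a client authenticate at the token endpoint. The client registry, uid, secret, code and redirect URI are constructed placeholders, and the helper names are hypothetical.

```ruby
require 'base64'
require 'uri'

# Constructed registry (uid => secret); placeholder values, not real credentials.
CLIENTS = { 'sample-client-uid' => 'sample-client-secret' }.freeze

# Constructed request mirroring the question's access_params (no client credentials).
TOKEN_PARAMS = { grant_type: 'authorization_code', code: 'sample-code',
                 redirect_uri: 'https://client.example/callback' }.freeze

# RFC 6749 section 2.3.1: form-encode uid and secret, join with ":", then Base64.
def basic_auth_header(uid, secret)
  pair = [uid, secret].map { |v| URI.encode_www_form_component(v) }.join(':')
  "Basic #{Base64.strict_encode64(pair)}"
end

# Read client credentials from the Authorization header, else from body params.
def client_credentials(headers, params)
  scheme, token = headers['Authorization'].to_s.split(' ', 2)
  return [params[:client_id], params[:client_secret]] unless scheme&.casecmp?('basic') && token

  Base64.decode64(token).split(':', 2).map { |v| URI.decode_www_form_component(v) }
rescue ArgumentError # malformed percent-encoding in the decoded pair
  [nil, nil]
end

# Compare secrets without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Unknown client, missing credentials and wrong secret all give the same error.
def authenticate_client(headers, params)
  uid, secret = client_credentials(headers, params)
  expected = CLIENTS[uid]
  if expected && secret && secure_equal?(expected, secret)
    { client: uid }
  else
    { error: 'invalid_client' }
  end
end
```
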