Question

I'm trying to request an access token using grant_type=password with curl from WSO2 API Manager. But it seems to me that every time I use a username with a capital letter I get the error: {"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid."}

and when I use a username without lowercase letters I get: {"token_type":"bearer","expires_in":3600,"refresh_token":"a819b019c4aa925f127788526bc13851","access_token":"6f760484acafdf03e8371825e3cb656"}

Compare the following:

1.

curl -k -d "grant_type=password&username=david&password=Abc123&scope=PRODUCTION" -H "Authorization: Basic SlJXbVRoNmNaMDJGM1ZIYlZ6bW9XeUt0WnRJYTpnRVdzd2ZYTmJJMmJXUXc4ekJWVEw1b0VkU0Fh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

2.

curl -k -d "grant_type=password&username=David&password=Abc123&scope=PRODUCTION" -H "Authorization: Basic V2ZsQnhGeDlFUzVwaVZuOXFEdlF5bWxuZEM4YTp4SnZNQTNCOHFud0N1MXZ1YTNvaGg3VF9mbkFh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

Both users:
- exist
- can log in to localhost:9443/store/
- have created an application with an API subscription

The only difference between them is that 2. has a capital letter. So my question is: am I doing something wrong, or is this a bug?

Solution

The WSO2 OAuth endpoint lowercases the username and then tries to authenticate; hence, you are seeing the issue. Source code for the OAuth endpoint: check the getAccessToken method, where the username is lowercased.

OTHER TIPS

Yes. It is not correct to lowercase the username before authentication. But I guess that the actual issue is that your user store supports case-sensitive usernames. Usually user stores such as LDAP, AD, and JDBC only support case-insensitive usernames. Therefore you cannot see any issue with this. I hope that you have configured the APIM user store in a database (such as H2 or Oracle) which supports case-sensitive select queries. Therefore you may experience this issue. In such cases, you can configure the SQL query in the user store configuration to avoid the case-sensitive select:

<Property name="UserFilterSQL">SELECT UM_USER_NAME FROM UM_USER WHERE UPPER(UM_USER_NAME) LIKE UPPER(?) AND UM_TENANT_ID=? ORDER BY UM_USER_NAME</Property>
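
An added example (not from the answers above and not WSO2 code) that models the described behaviour with an in-memory SQLite table: the endpoint lowercases the supplied name, and the store compares it either case-sensitively or through UPPER(). The table and column names come from the query above; the function names, sample rows and tenant id are assumptions. It also lists stored names that collide once case is ignored, as the `david` and `David` accounts in the question would.

```python
import sqlite3
from collections import defaultdict

TENANT = 1  # constructed tenant id

def make_store(usernames):
    """Constructed stand-in for the user store (names from the query above)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UM_USER (UM_USER_NAME TEXT, UM_TENANT_ID INTEGER)")
    conn.executemany("INSERT INTO UM_USER VALUES (?, ?)",
                     [(name, TENANT) for name in usernames])
    return conn

# SQLite compares TEXT with "=" case-sensitively by default, standing in for
# the case-sensitive database the answer describes.
CASE_SENSITIVE = ("SELECT UM_USER_NAME FROM UM_USER WHERE UM_USER_NAME = ? "
                  "AND UM_TENANT_ID = ? ORDER BY UM_USER_NAME")
# Same UPPER() idea as the property above; "=" keeps % and _ literal.
CASE_INSENSITIVE = ("SELECT UM_USER_NAME FROM UM_USER WHERE UPPER(UM_USER_NAME) "
                    "= UPPER(?) AND UM_TENANT_ID = ? ORDER BY UM_USER_NAME")

def endpoint_lookup(conn, supplied_username, query):
    """Model of the described endpoint: lowercase the name, then query the store."""
    lowered = supplied_username.lower()
    return [row[0] for row in conn.execute(query, (lowered, TENANT))]

def case_collisions(conn):
    """Groups of stored names that become one identity when case is ignored."""
    groups = defaultdict(list)
    rows = conn.execute("SELECT UM_USER_NAME FROM UM_USER WHERE UM_TENANT_ID = ? "
                        "ORDER BY UM_USER_NAME", (TENANT,))
    for (name,) in rows:
        groups[name.upper()].append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    only_david = make_store(["David"])
    print(endpoint_lookup(only_david, "David", CASE_SENSITIVE))    # no match
    print(endpoint_lookup(only_david, "David", CASE_INSENSITIVE))  # finds the account
    both = make_store(["david", "David"])  # both accounts, as in the question
    print(endpoint_lookup(both, "David", CASE_SENSITIVE))    # resolves to the other account
    print(endpoint_lookup(both, "David", CASE_INSENSITIVE))  # two rows: ambiguous
    print(case_collisions(both))  # audit before ignoring case
```

Running the collision check before switching a store to case-insensitive matching shows which existing accounts would stop being distinguishable.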

Licensed under: CC-BY-SA with attribution