Like you mentioned, the protocol is this:
You make a post request to the access token end-point to get a token (you need to provide here your client_id and your client_secret as headers or as query parameters);
You get an answer similar to this:
{"access_token":"sometoken","expires_in":300}
; 2.1 Worth knowing is that the token is url encoded and in UTF-8 format so, on Java side you need to doURLDecoder.decode("sometoken", "UTF-8");
while on .NET side you need to doHttpUtility.UrlDecode("sometoken", System.Text.Encoding.UTF8);
;Your next request needs to include the authorization header. On Java side you do
builder.header("authorization", "OAuth " + decodedTokenString);
while on .NET side you can useClient.Headers["authorization"] = "OAuth " + DecodedTokenString;
Worth mentioning is that the SharedSecret defined in the cd_webservice_conf.xml (/Configuration/AuthenticationServer/SharedSecret/
) of the TokenAccessPoint needs to be the same as the SharedSecret defined in the cd_ambient_conf.xml (/Configuration/Security/SharedSecret/
) of the (WebService)EndPoint.
Are you sure you decoded properly the token gotten from the server? Are you sure that you configured the proper SharedSecret in the two configuration files?
Hope this helps.