Oauth Client Secret Not Updating (Doc ID 2297383.1)

Last updated on DECEMBER 23, 2021

Applies to:

Symptoms

Using Oracle Mobile and Social - Version 11.1.2.3.0:

Oauth Client secret is not updating when using the OAuth in OAM to create and maintain OAuth clients, it is OK to create a client with no problem, and use that client to authenticate. However, when updating the client secret, the new secret displayed in the OAM console, however OAM continues to use the original secret for authentication, not the updated secret.

Steps to reproduce the issue:
==================
1. Navigate to /oamconsole , then got to Federation -> OAuth Services -> Default Domain -> Clients -> SPTest

2. Test the original ClientID and Client Secret by converting them through a Base64 Encoding program like https://www.base64encode.org/

3. Run the CURL Command:
curl -i -H "Authorization: Basic
NTBiZjk2M2M5ZmJkNDEzYmJlOTFiOTFhNmExNWNhMWY6MnVCd0pZYUw=" -H "Content-Type:
application/x-www-form-urlencoded;charset=UTF-8" -X POST
http://identity.example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens -d "grant_type=client_credentials"

4. You should see success and a access token generated like this:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Thu, 13 Apr 2017 20:17:53 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
X-ORACLE-DMS-ECID: 0000Lhcxl1QCwkO_Uhw0yc1OvtxY0004oj
X-Powered-By: Servlet/2.5 JSP/2.1

{"oracle_client_assertion_type":"urn:ietf:params:oauth:client-assertion-type:j
wt-bearer","expires_in":604800,"token_type":"Bearer","oracle_tk_context":"clie
nt_assertion","access_token":"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsIng1dCI6InV6
dGtDZktPNFVBY0MzUlEyaU5OcEoyTUhWZyIsImtpZCI6Im9yYWtleSJ9.eyJvcmFjbGUub2F1dGgud
GtfY29udGV4dCI6ImNsaWVudF9hc3NlcnRpb24iLCJleHAiOjE0OTI3MTk0NzMsInN1YiI6IjUwYmY
5NjNjOWZiZDQxM2JiZTkxYjkxYTZhMTVjYTFmIiwiaXNzIjoid3d3Lm9yYWNsZS5leGFtcGxlLmNvb
SIsInBybiI6IjUwYmY5NjNjOWZiZDQxM2JiZTkxYjkxYTZhMTVjYTFmIiwianRpIjoiMTE4NThhNGQ
tMzViZi00NjUxLThiYjAtNjJiMmI3NmRhMmJmIiwib3JhY2xlLm9hdXRoLnN2Y19wX24iOiJPQXV0a
FNlcnZpY2VQcm9maWxlIiwiaWF0IjoxNDkyMTE0NjczLCJvcmFjbGUub2F1dGguaWRfZF9pZCI6IjE
yMzQ1Njc4LTEyMzQtMTIzNC0xMjM0LTEyMzQ1Njc4OTAxMiIsInVzZXIudGVuYW50Lm5hbWUiOiJEZ
WZhdWx0RG9tYWluIiwib3JhY2xlLm9hdXRoLnBybi5pZF90eXBlIjoiQ2xpZW50SUQifQ.YTcs29ZK
uZmj-ExoJPJEu4uQrgpKeS7yPffwUZ0SHqtldk91NQj6W3Lv63SSTiXUlvlKCBc7vFtu5LRfIjPEDo
m6w0Bt

This is successfully generating a valid access token.

Now go back to /oamconsole , then got to Federation -> OAuth Services -> Default Domain -> Clients -> SPTest

Change the Client secret by clicking on the "Generate" button.

Save change.

Repeat steps 1 through 4 but this time use the new Client Secret to generate the base64 encoded value.

The results are as follows:
curl -i -H "Authorization: Basic
NTBiZjk2M2M5ZmJkNDEzYmJlOTFiOTFhNmExNWNhMWY6UWFFRUs2ODVkekhENW44" -H
"Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -X POST
http://identity.example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens -d "grant_type=client_credentials"
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, must-revalidate
Date: Thu, 13 Apr 2017 20:17:17 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
X-ORACLE-DMS-ECID: 0000Lhcxc78CwkO_Uhw0yc1OvtxY0004oE
X-Powered-By: Servlet/2.5 JSP/2.1

{"error":"invalid_client","error_descriptiurl -i -H "Authorization: Basic
NTBiZjk2M2M5ZmJkNDEzYmJlOTFiOTFhNmExNWNhMWY6MnVCd0pZYUw=" -H "Content-Type:
application/x-www-form-urlencoded;charset=UTF-8" -X POST
http://identity.example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens -d "grant_type=client_credentials"

The result is no access token is generated and the result is a HTTP/1.1 401 Unauthorized

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.