Problem Requesting An Access Token In The OAuth 2.0 Module Of OAM11gR2

(Doc ID 2317121.1)

Last updated on OCTOBER 26, 2017

Applies to:

Oracle Mobile and Social - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Problem requesting an access token in the OAuth 2.0 module of Oracle Access Manager 11gR2, version 11.1.2.2.7, Authentication Engine.

We are trying to set up a three-legged authorization flow.

However, there are two major problems:

The first concerns generating the ACCESS TOKEN for a defined scope.
The second occurs when we try to use an Identity Store that is different from the default. In our case we are using Oracle Unified Directory, and when we authenticate against this LDAP the corresponding AUTHORIZATION CODE is not generated and permissions are not granted for the scopes we request.

Use case:

The customer has an OAuth web app configured (but no resource servers configured), and the web app has a redirect URL configured to go to Google.

In the browser they enter the URL:

http://host:14100/ms_oauth/oauth2/endpoints/oauthservice/authorize?client_id=1516b4bcfa5432ab715988411d0294f&response_type=code&redirect_uri=https://developers.google.com/oauthplayground&scope-UserProfile.me&state=

This redirects them to OAM for a login. They have OAM configured to use OUD as the LDAP store, and they authenticate with a user from OUD. Authentication succeeds, but then they get an HTTP 403/401 error. The issue is the generation of an access token. Just the authorization token is generated, but not the authentication one.

HTTP/1.1 401 Unauthorized
X-oracle-dms-ecid: 68e65c2d00513c29:-7f4128fa:150df2f0e43:-8000-000000000004171a
Transfer-encoding: chunked
X-powered-by: Servlet/2.5 JSP/2.1
Pragma: no-cache
Cache-control: no-cache, no-store, must-revalidate
Date: Mon, 09 Nov 2015 21:00:26 GMT
Content-type: application/json

{
  "error_description": "Invalid Client Id or Resource Server Id + Confidential Secret",
  "error": "invalid_client"
}
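
When triaging a failing three-legged flow like this one, it helps to check the authorization request itself before looking at the token exchange. The following is an added example, not Oracle's code and not part of the original note: it lints the authorize URL exactly as printed above against RFC 6749 sections 3.3, 4.1.1 and 10.12. The function name and the finding codes are this example's own.

```python
from urllib.parse import urlsplit, parse_qsl

def lint_authorize_url(url):
    """Check an authorization-code request (RFC 6749 section 4.1.1).

    Returns a list of (code, detail) findings; an empty list means clean.
    """
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":
        findings.append(("insecure-endpoint", parts.scheme))
    # Inspect raw tokens first: a token without '=' is a name with no value.
    tokens = [t for t in parts.query.split("&") if t]
    for token in tokens:
        if "=" not in token:
            findings.append(("malformed-parameter", token))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        # RFC 6749 section 3.1: parameters must not appear more than once.
        findings.append(("duplicate-parameter", ""))
    for name in ("response_type", "client_id"):  # REQUIRED parameters
        if not params.get(name):
            findings.append(("missing-required", name))
    if params.get("response_type") not in (None, "", "code"):
        findings.append(("unexpected-response-type", params["response_type"]))
    if not params.get("scope"):
        # RFC 6749 section 3.3: server uses a default scope or fails the request.
        findings.append(("no-scope", ""))
    if not params.get("state"):
        # RFC 6749 section 10.12: state binds the callback to the user's session.
        findings.append(("no-state", ""))
    redirect = params.get("redirect_uri", "")
    if redirect and urlsplit(redirect).scheme != "https":
        findings.append(("insecure-redirect", redirect))
    return findings

# The request URL exactly as printed in the note above.
PAGE_URL = ("http://host:14100/ms_oauth/oauth2/endpoints/oauthservice/authorize"
            "?client_id=1516b4bcfa5432ab715988411d0294f&response_type=code"
            "&redirect_uri=https://developers.google.com/oauthplayground"
            "&scope-UserProfile.me&state=")

if __name__ == "__main__":
    for code, detail in lint_authorize_url(PAGE_URL):
        print(f"{code}: {detail}")
```
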

Changes

Misconfiguration

Cause
