Can't use "client_credentials" for supportedGrantTypes in JSON service definition?

[Phillip Rhodes]

Hi CAS community, I am experiencing an error when I try to configure an OAuth client with the supportedGrantTypes field in the JSON service definition file. 

Full details are here: <https://stackoverflow.com/questions/51549584/why-wont-cas-accept-client-credential-in-supportedgranttypes-field-of-service>

But the tl/dr; is that I get this error:

2018-07-26 22:12:25,879 DEBUG [org.apereo.cas.services.DefaultServiceRegistryExecutionPlan] - <Registering service registry [OAuth20Ser
viceRegistry] into the execution plan>
2018-07-26 22:12:25,836 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Registering service registry [OAuth20ServiceRegistry
] into the execution planorg.apereo.cas.services.ChainingServiceRegistry@7a9f1582]>
2018-07-26 22:12:26,124 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse [{"@class"
:"org.apereo.cas.support.oauth.services.OAuthRegisteredService","clientId":"test_client","clientSecret":"clientSe...] to deserialize in
to type [interface org.apereo.cas.services.RegisteredService]. This may be caused in the absence of a configuration/support module that
knows how to interpret the fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error i
s [Could not resolve type id 'client_credentials' as a subtype of [collection type; class java.util.HashSet, contains [simple type, cla
ss java.lang.String]]: no such class found
at [Source: (String)"{"@class":"org.apereo.cas.support.oauth.services.OAuthRegisteredService","clientId":"test_client","clientSecret":
"clientSecret","bypassApprovalPrompt":true,"generateRefreshToken":false,"serviceId":"test_client","name":"TestOAuthClient","id":"100","
supportedGrantTypes":["client_credentials"]}"; line: 1, column: 291] (through reference chain: org.apereo.cas.support.oauth.services.OA
uthRegisteredService["supportedGrantTypes"])]>
2018-07-26 22:12:26,124 DEBUG [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Could not resolve type id 'c
lient_credentials' as a subtype of [collection type; class java.util.HashSet, contains [simple type, class java.lang.String]]: no such
class found
at [Source: (String)"{"@class":"org.apereo.cas.support.oauth.services.OAuthRegisteredService","clientId":"test_client","clientSecret":
"clientSecret","bypassApprovalPrompt":true,"generateRefreshToken":false,"serviceId":"test_client","name":"TestOAuthClient","id":"100","
supportedGrantTypes":["client_credentials"]}"; line: 1, column: 291] (through reference chain: org.apereo.cas.support.oauth.services.OA
uthRegisteredService["supportedGrantTypes"])>
com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'client_credentials' as a subtype of [collection t
ype; class java.util.HashSet, contains [simple type, class java.lang.String]]: no such class found
at [Source: (String)"{"@class":"org.apereo.cas.support.oauth.services.OAuthRegisteredService","clientId":"test_client","clientSecret":
"clientSecret","bypassApprovalPrompt":true,"generateRefreshToken":false,"serviceId":"test_client","name":"TestOAuthClient","id":"100","
supportedGrantTypes":["client_credentials"]}"; line: 1, column: 291] (through reference chain: org.apereo.cas.support.oauth.services.OA
uthRegisteredService["supportedGrantTypes"])

I can leave that field out completely and the service is registered, and I'm able to request a token using the client_credentials grant type, so it's not imperative that I fix this, but I would like to understand what's causing this behavior. This is using CAS 5.3.1 FWIW.

Any advice is greatly appreciated.

Thanks,

Phil

[Jon Hawkesworth]

I don't anything about this specifically but looking at the at error message it seems to be expecting something that it can transform that looks like a hashmap some kind of key value pair in your json, but it thinks it is getting a string.   So I'd check your service definition, it probably needs to look something like the following (the 'true' bit is a total guess, it may need to be something specific to what you are doing.

  "supportedGrantTypes": [ "java.util.HashSet", [ "client_credentials", "true" ] ],

If its not obvious what the value needs to be, its worth pulling the cas source code and finding the class that represents the supported grant types and looking through the code to see what it needs.

Hope this helps,

Jon

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10f0ba25-b254-4931-913e-069308a31af9%40apereo.org.

[Leo Ackerman]

Did you have any resolutions about this isuue?

I am facing a problem the username and password are not considered by CAS and accessToken service returns a valid token only considering a valid value for client_id.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.