OAuth2 Auth Server: {"error":"invalid_request"}


Konstantin Alexandroff

Mar 27, 2012, 1:10:09 PM
to dotnet...@googlegroups.com
Hello again,

What are possible reasons for the {"error":"invalid_request"} when requesting an access token? And is there a way to figure out the exact reason without debugging through DNOA?

Our situation is: everything works fine on dev/stage servers but is failing in production. The only difference is "relaxSslRequirements", which is turned off for production. We're using the just-released DNOA 4.00.




Andrew Arnott

Mar 27, 2012, 8:08:06 PM
to dotnet...@googlegroups.com
Hi K.,

Please activate logging on the authorization server.  This should give you a very good idea of exactly what's causing the failure.

BTW, error handling is still something of a rough area in DNOA's OAuth 2 support.  We hope to improve this in the future.  For example, by including the reason for the failure in the HTTP response.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
Message has been deleted

Andrew Arnott

Mar 30, 2012, 9:21:41 PM
to dotnet...@googlegroups.com
authorization_expired is also returned if your implementation of IAuthorizationServer.IsAuthorizationValid returns false.  Can you set a breakpoint there and make sure you're returning true?



On Thu, Mar 29, 2012 at 7:40 AM, Konstantin Alexandroff <k.alex...@gmail.com> wrote:
Great feature, thanks! Glimpse is a very handy solution.

Unfortunately, it hasn't helped me much (yet). My invalid_request was, in fact, "authorization_expired". Needless to say that I've double checked the time on all three computers, they're synced. Anything I can do before diving into DNOA sources? (Well, I've already started but I'd prefer to stop doing that)).

K



Konstantin Alexandroff

Mar 31, 2012, 4:06:50 AM
to dotnet...@googlegroups.com
I just fixed it yesterday. And you're right. I was so obsessed with the word 'expired' that I hadn't thought the whole thing through. In my case I added the concept of trusted Clients, the ones for whom authorization is not needed. So AuthorizationService.CanBeAutoApproved was checking Client.IsTrusted and returning true, while IsAuthorizationValid later was still looking for a ClientAuthorization record which was never created. It's easy to see now but it was really confusing just yesterday. I think this is a case where an activity diagram would be really helpful.
But anyway, thanks again for your great help!
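
[Added example, not part of the original thread and not DotNetOpenAuth code.] A simplified, self-contained C# model of the mismatch described in the message above: the consent check approves a trusted client without storing a grant, while the token-time validity check only looks for a stored grant. `Client`, `AuthStore`, the `Before`/`After` method names and the sample data are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Stand-in types (assumptions); they do not mirror DotNetOpenAuth interfaces.
class Client { public string Id; public bool IsTrusted; }

class AuthStore {
    readonly Dictionary<string, Client> clients = new Dictionary<string, Client>();
    // Constructed stand-in for the ClientAuthorization records: (clientId, user).
    readonly HashSet<Tuple<string, string>> grants = new HashSet<Tuple<string, string>>();

    public void AddClient(Client c) { clients[c.Id] = c; }
    public void RecordGrant(string clientId, string user) {
        grants.Add(Tuple.Create(clientId, user));
    }

    // Authorization endpoint: trusted clients skip the consent page,
    // so no grant record is ever written for them.
    public bool CanBeAutoApproved(string clientId, string user) {
        Client c;
        return clients.TryGetValue(clientId, out c) && c.IsTrusted;
    }

    // Before: the token endpoint only accepts a stored grant, so the
    // auto-approved trusted client is rejected when it redeems its code.
    public bool IsAuthorizationValidBefore(string clientId, string user) {
        return grants.Contains(Tuple.Create(clientId, user));
    }

    // After: the token endpoint applies the same rule as the consent step.
    public bool IsAuthorizationValidAfter(string clientId, string user) {
        return CanBeAutoApproved(clientId, user)
            || grants.Contains(Tuple.Create(clientId, user));
    }
}

static class Demo {
    static void Main() {
        var store = new AuthStore();
        store.AddClient(new Client { Id = "trusted-app", IsTrusted = true });
        store.AddClient(new Client { Id = "third-party", IsTrusted = false });
        store.RecordGrant("third-party", "alice"); // explicit user consent

        // Trusted client: approved at consent time, then checked at token time.
        Console.WriteLine(store.CanBeAutoApproved("trusted-app", "alice"));
        Console.WriteLine(store.IsAuthorizationValidBefore("trusted-app", "alice"));
        Console.WriteLine(store.IsAuthorizationValidAfter("trusted-app", "alice"));
        // Untrusted client with no grant for this user must still be refused.
        Console.WriteLine(store.IsAuthorizationValidAfter("third-party", "bob"));
    }
}
```

An alternative with the same effect is to write the grant record at auto-approval time, which keeps a single revocation path for trusted and untrusted clients alike.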

Andrew Arnott

Mar 31, 2012, 10:09:10 AM
to dotnet...@googlegroups.com
You're welcome.  Inspired by your email, last night I went in and corrected the error codes the AS returns.  Even the "right" error codes are sufficiently vague that it wouldn't have helped you much here.  So I added more logging at the AS side that explains why errors are returned so you know exactly where to look next time. :)


