1.8 Apha - Continuing on The Client Credentials Discussion

cslaughter · January 13, 2016, 6:45am

Continuing the discussion from 1.8 Alpha - Trouble With Some API Calls:

@cslaughter i’ve added some bits to the API today that might help you in your efforts (although I don’t know exactly what your integration does, so I can’t be sure!).

Up until now the Authorization server has only implemented the flow for authorization_code grants, where by the user is directed around the page to authorize the application request. However, i’ve now added support for client_credentials grants where the client_id and secret are enough to obtain an access token. This is intended for machine to machine implementations.

Therefore the application edit form now looks like this:

Pasted image916×677 44.6 KB

You tick the client credentials grant type and include grant_type=client_credentials in your request to /api/authorize/access_token to get access to this grant.

I’ve also expanded and updated the documentation in the manual: http://xibo.org.uk/manual-tempel/en/cms_api.html

We are finally trying to correctly implement machine to machine access request, but when we try to do use the client_credentials we get “Client authentication failed.” The log only shows us this:

3 4947799 2016-01-12 22:25 AUTH GET DEBUG / Storage rollback.
2 4947799 2016-01-12 22:25 AUTH GET DEBUG / Client authentication failed.

I think the problem is ours; but looking at our code versus the documentation it gets a little fuzzy as to where to pass the “grant_type”, as we had not used it before and things are working.

Our Authorization url looks like this:

https://domain.com/xibo18alpha/web/api/authorize?client_id=2OJs5SjIfFBMcPFwLbCP67yT9nE1swtOHPvqinxS&redirect_uri=Domain/Path/To/Xibo/index.php&state=L0u9HkMl59InuAOpWpDOpOfZThFJOk7E&scope=&response_type=code&approval_prompt=auto&grant_type=client_credentials

Did we interrupt the documentation correctly?

Update No we did not interrupted that correctly. If anyone is interested these links may help:

http://developer.gettyimages.com/forum/read/184531

We still cannot get a valid response back, but this is most likely not a Xibo problem.

dan · January 19, 2016, 8:30am

With client_credentials grants you do not need to use the first part of the flow, as your client ID/secret are enough to log you in.

See my postman config for testing this:

You’ll get back an access_token from that directly.

cslaughter · January 20, 2016, 5:46am

Thank you Dan for the screenshot of the config.

That verifies what we got from the links above, which is helpful to us. We just can’t seem to get the same result with our code. So we are looking into it.

dan · January 20, 2016, 10:09am

OK sure - if you need help let us know

cslaughter · January 21, 2016, 6:23am

I can’t see the problem thru the code

$client = new GuzzleHttp\Client();

$form_params=array(
		'client_id' => CLIENT_ID ,
		'client_secret' => CLIENT_SECRET ,
		'grant_type' => 'client_credentials'
);

try {			
	$request = $client->request('POST', SERVER_BASE.'/api/authorize/access_token', [
			'headers' => [
				'Content-Type' => 'application/x-www-form-urlencoded'
			],
			'form_params' => $form_params
	]);
}catch (\GuzzleHttp\Exception\RequestException $e) {
echo 'Client Exception: ' . $e->getMessage() . PHP_EOL .'<br>';
if ($e->hasResponse()) {
echo  $e->getResponse()->getBody() . PHP_EOL .'<br>';
}
}

We get this:

The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "grant_type" parameter.

Tried with and without the headers… Still looking for the emoji of beating my head against a wall.

Update: Updated to correct the double form_params array. We also tried a slightly tweaked version of this and get a blank response back from the API.

Update 2: Solved by correctly phrasing the response that we thought was blank.

dan · January 21, 2016, 9:36am

Looks like you went through the mill on that one!

Glad you have it working now though

cslaughter · January 21, 2016, 11:37pm

We did go through the mill. I have this love hate relationship with Guzzle. I think part of the problem is that it has changed so quickly from version to version. But in the end, it is working. Thank you Dan.

dan · January 22, 2016, 7:55am

Absolutely - the bugs don’t help either. It seems like we have arrived at a reasonable solution, and we are certainly grateful for your time with it!

cslaughter · January 22, 2016, 4:45pm

Just clearify:

Was in reference to Guzzle changing so quickly from version to version. They even released a newer version this month.

dan · January 23, 2016, 4:45pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.