
[Bug]: Password Grant Fails for Universal Application on Token Endpoint Call

Open jobannon opened this issue 3 months ago • 1 comments

What happened?

When using the password grant, calling for a token fails

curl --location 'https://local.fusionauth.io/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=810f5ecd-d29c-4ae9-87a1-5aad8574cfb2' \
--data-urlencode 'client_secret=*******************' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=offline_access openid' \
--data-urlencode 'tenantId=30663132-6464-6665-3032-326466613934' \
--data-urlencode 'username=[email protected]' \
--data-urlencode 'password=password'

with

{
    "error": "invalid_grant",
    "error_description": "The user is unable to login. Authentication server responded with 400 status code.",
    "error_reason": "unknown"
}

The exact same call works on a different client_id and client secret that are not tied to a universal application.

Version

1.60.2

Affects Versions

No response

Alternatives / Workarounds

No response

jobannon Sep 30 '25 21:09

I have a similar but slightly different problem that I opened a support ticket about. I am able to successfully generate tokens using the password grant with a universal app using 1.60.2:

curl --location 'http://localhost:9011/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=f8999e47-b896-4b43-9328-22f127831f93' \
--data-urlencode 'client_secret=xxxx' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'tenantId=3ec1c408-cd3b-478f-91c2-693ecf9f891e' \
--data-urlencode 'username=xxxx' \
--data-urlencode 'password=xxxx' \
--data-urlencode 'scope=openid offline_access'

However, if I send the resulting access token to the introspection endpoint, I get an error.

curl --location 'http://localhost:9011/oauth2/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=f8999e47-b896-4b43-9328-22f127831f93' \
--data-urlencode 'token=xxx'

fusionauth-1   | java.lang.NullPointerException: Cannot read field "id" because "this.codeTenant" is null
fusionauth-1   | 	at io.fusionauth.app.action.oauth2.IntrospectAction.post(IntrospectAction.java:79)
fusionauth-1   | 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
fusionauth-1   | 	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
fusionauth-1   | 	at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
fusionauth-1   | 	at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:77)
fusionauth-1   | 	at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:60)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:50)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:45)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:121)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:68)
fusionauth-1   | 	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth-1   | 	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
fusionauth-1   | 	at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:73)
fusionauth-1   | 	at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:54)
fusionauth-1   | 	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
fusionauth-1   | 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
fusionauth-1   | 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
fusionauth-1   | 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
fusionauth-1   | 	at java.base/java.lang.Thread.run(Thread.java:1583)

dieseldjango Sep 30 '25 22:09
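For callers of the two endpoints discussed in this thread, a fail-closed way to interpret their replies, as an added example that is not code from either poster or from FusionAuth. The HTTP status codes, the presence of an `aud` claim in the introspection reply, and the "indeterminate" heuristic for `error_reason` `unknown` are assumptions; the function names are hypothetical.

```python
import json

# Client id taken from the second post; response bodies below are constructed samples.
CLIENT_ID = "f8999e47-b896-4b43-9328-22f127831f93"
REPORTED_TOKEN_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "The user is unable to login. "
                         "Authentication server responded with 400 status code.",
    "error_reason": "unknown",
})


def _parse_object(body):
    """Return the body as a dict, or None if it is not a JSON object."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    return doc if isinstance(doc, dict) else None


def token_is_active(status, body, expected_aud):
    """Resource-server decision on an RFC 7662 introspection reply (fail closed)."""
    if status != 200:
        return False  # a 4xx/5xx, e.g. a server-side exception, never validates a token
    doc = _parse_object(body)
    if doc is None or doc.get("active") is not True:
        return False  # only the JSON boolean true counts, not "true" or 1
    aud = doc.get("aud")  # assumption: the reply carries the audience claim
    audiences = aud if isinstance(aud, list) else [aud]
    return expected_aud in audiences


def classify_token_reply(status, body):
    """Separate rejected credentials from replies where the server could not decide."""
    doc = _parse_object(body) or {}
    if status == 200 and "access_token" in doc:
        return "issued"
    if status >= 500 or not doc:
        return "indeterminate"
    # Heuristic (assumption): invalid_grant with reason "unknown", as in the report,
    # should not be counted as a bad-password event in lockout or alerting logic.
    if doc.get("error") == "invalid_grant" and doc.get("error_reason") == "unknown":
        return "indeterminate"
    return "denied"
```
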