
OAuth2.0 - client_credentials error: The request body must contain the following parameter: 'grant_type'

Open quaggyzombie opened this issue 10 months ago • 3 comments


When I use OAuth2 with client_credentials, I get the following error:

{
  "error": "invalid_request",
  "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'. Trace ID: 325b873b-08a3-4b23-b002-650f1f00f700 Correlation ID: 8d8f1825-b12e-468b-8c67-f686e9b46383 Timestamp: 2024-03-27 09:22:23Z",
  "error_codes": [
    900144
  ],
  "timestamp": "2024-03-27 09:22:23Z",
  "trace_id": "325b873b-08a3-4b23-b002-650f1f00f700",
  "correlation_id": "8d8f1825-b12e-468b-8c67-f686e9b46383",
  "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

This is replicated if I click on "Get Access Token" or when sending the request.

Same details work absolutely fine with postman.

quaggyzombie avatar Mar 27 '24 09:03 quaggyzombie

Also testing against Microsoft Azure AD / Entra Id and get a similar error with version 1.12.3 of Bruno AADSTS900144: The request body must contain the following parameter: 'client_id'.

Likely caused by Bruno sending the request body payload for client_credentials with content-type application/json.

RFC6749 - The OAuth 2.0 Authorization Framework expects the content type to be application/x-www-form-urlencoded ref https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2

MS Azure AD/Entra ID follows the standard only and expects application/x-www-form-urlencoded as content-type ref https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret

Likely needs adjustment in https://github.com/usebruno/bruno/blob/1349a7975082e2afa64f4cc3b1c2d0d884991b4b/packages/bruno-electron/src/ipc/network/index.js#L216

elsewhat avatar Apr 04 '24 10:04 elsewhat
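The content-type mismatch described in the comment above, as an added example that is not part of the thread or Bruno's code. `buildTokenRequest` and `checkTokenRequest` are hypothetical names, the credentials are constructed placeholders, and the endpoint check is a simplified model of a server that reads token parameters only from a form-encoded body:

```javascript
// Added example. All names and values here are constructed placeholders.
const FORM = 'application/x-www-form-urlencoded';

// Build a client_credentials token request. RFC 6749 section 4.4.2 puts the
// parameters in the entity-body, encoded as application/x-www-form-urlencoded.
// asJson=true reproduces the shape the thread suspects: same fields, JSON body.
function buildTokenRequest({ clientId, clientSecret, scope }, asJson = false) {
  const params = {
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
  };
  if (scope) params.scope = scope;
  return asJson
    ? { method: 'POST', headers: { 'content-type': 'application/json' },
        body: JSON.stringify(params) }
    : { method: 'POST', headers: { 'content-type': FORM },
        body: new URLSearchParams(params).toString() };
}

// Simplified model (assumption) of a token endpoint: parameters are only
// recognised when the body is form-encoded, so a JSON body yields no fields.
function checkTokenRequest(req) {
  const isForm = (req.headers['content-type'] || '').startsWith(FORM);
  const form = new URLSearchParams(isForm ? req.body : '');
  for (const name of ['grant_type', 'client_id', 'client_secret']) {
    if (!form.get(name)) {
      return { error: 'invalid_request', missing: name };
    }
  }
  if (form.get('grant_type') !== 'client_credentials') {
    return { error: 'unsupported_grant_type' };
  }
  return { ok: true };
}

const creds = { clientId: 'example-app-id', clientSecret: 'example-secret',
                scope: 'api://example/.default' };
console.log(checkTokenRequest(buildTokenRequest(creds)));        // form body
console.log(checkTokenRequest(buildTokenRequest(creds, true)));  // JSON body
```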

> Also testing against Microsoft Azure AD / Entra Id and get a similar error with version 1.12.3 of Bruno AADSTS900144: The request body must contain the following parameter: 'client_id'.
>
> Likely caused by Bruno sending the request body payload for client_credentials with content-type application/json.
>
> RFC6749 - The OAuth 2.0 Authorization Framework expects the content type to be application/x-www-form-urlencoded ref https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
>
> MS Azure AD/Entra ID follows the standard only and expects application/x-www-form-urlencoded as content-type ref https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret
>
> Likely needs adjustment in
>
> https://github.com/usebruno/bruno/blob/1349a7975082e2afa64f4cc3b1c2d0d884991b4b/packages/bruno-electron/src/ipc/network/index.js#L216

Yes, this seems to be the issue. I tried replicating these scenarios directly. Can +1 this.

quaggyzombie avatar Apr 04 '24 11:04 quaggyzombie

This will go out in the 1.13.0 release. Please subscribe to Discord announcement channel to stay notified on the releases.

helloanoop avatar Apr 09 '24 20:04 helloanoop

Using the 1.13.0 version, it still seems to be giving an error. Even though I click the "Get Access Token" button, still the Timeline shows the data being sent to the Request URL (Not the Access Token URL) as json, but with the client ID and secret instead, which should be sent as a GET to the Access token URL and then the token generated should be sent to the Request URL instead of what is seemingly happening.


quaggyzombie avatar Apr 15 '24 11:04 quaggyzombie