Problems with OAuth2.0 authentication using the REST sender with "Scope" functionality
Hello,
We have a number of outbound integrations that were using the REST sender with Client Credentials authentication towards the Azure platform; they were working properly before. Now the endpoints at Azure have been moved to a new version and they have been configured using the OAuth2.0 “Scope” parameter, which is not available in the Client Credentials data inside the routing address (IFS Connect). We tried to add the Scope parameter in the “Token Endpoint Parameters” like: Scope=xxxxx, we also tried to add the Scope into the “Additional Headers” like Scope=xxxxx; none of them worked. Error when invoking the endpoint, error message:
"ExecutionException from Sender thread Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Error while trying to get the Oauth access token Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: https://login.microsoftonline.com/74c901f0-6a97-4cfa-8505-9542ce009b27/oauth2/v2.0/token"
The customer gave us a Postman collection and it works fine from there, since there exists a “Scope” parameter/functionality in the OAuth2.0 Postman client.
Any help appreciated!
Kind regards,
Hani
@Hani did you manage to find a solution for this? I also came across this issue.
Problem is not with the scope. Actually, if you put the scope=xxx in Token Endpoint Parameters, it will add to the token request body.
Problem is that the IFS token request in client credential flow is faulty, where client id and secret are added in both the request auth header and in the body. According to RFC doc, client_id in the payload is required only for authorization_code grant type. For other grant types it’s optional. Nothing was mentioned about the client_secret.
We spent many hours on this and finally compared the token request from Postman with IFS and confirmed that this was the reason for getting 400 status code for token request.
As mentioned in above topic, this problem was found in Apps10 and in cloud 22R2. Therefore I think it is an unsolved bug.
Hope it helps, and I would like someone from RnD to explain if there’s a way to make the client credential flow work.
Cheers!
Damith
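The comparison described in this post can be scripted. The following is an added example, not code from the thread or from IFS: it builds a client credentials token request with the credentials in exactly one place and lints a captured request for the duplicated-credentials condition the post reports. The function names and all client id, secret and scope values are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode

def build_token_request(client_id, client_secret, scope, use_basic_auth=True):
    """Build (headers, body) for a client_credentials token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials", "scope": scope}
    if use_basic_auth:
        # RFC 6749 section 2.3.1: id and secret are form-encoded, then Base64'd.
        pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)

def lint_token_request(headers, body):
    """Return findings for a captured token request (header dict, form body)."""
    headers = {k.lower(): v for k, v in headers.items()}
    form = parse_qs(body)
    has_basic = headers.get("authorization", "").lower().startswith("basic ")
    in_body = "client_secret" in form
    findings = []
    if has_basic and in_body:
        # RFC 6749 section 2.3: only one client authentication method per request.
        findings.append("client credentials in both Authorization header and body")
    if not has_basic and not in_body:
        findings.append("no client credentials present")
    if form.get("grant_type") != ["client_credentials"]:
        findings.append("grant_type is not client_credentials")
    if "scope" not in form:
        findings.append("scope missing from body")
    return findings

# Constructed placeholder values, not taken from the thread.
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-secret"
SCOPE = "api://example-app/.default"

GOOD = build_token_request(CLIENT_ID, CLIENT_SECRET, SCOPE)
# Constructed copy of the request shape the post describes: header plus body.
FAULTY = (GOOD[0], GOOD[1] + "&" + urlencode(
    {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}))

if __name__ == "__main__":
    for name, (hdrs, body) in (("good", GOOD), ("faulty", FAULTY)):
        print(name, lint_token_request(hdrs, body) or "ok")
```

Feed `lint_token_request` the headers and body from a proxy or debug trace of the real sender to see which of the two request shapes it produces; keep real client secrets out of saved traces.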
hi @dsj do you know if this has been resolved now?
Thanks
Ross
Hi, this has been resolved now. You need to add the IFS property entry and add the entry info like scope in token_endpoint_parameters (Scope=xxx).
Hi @kavinduxo
Can you give an example on how to set it up in IFS properties?
Sure. Here you find my steps.
Step 1: Adding an INS (you can do it in the IFS app also, in case you don’t have VCS).
Step 2: In my case it was the scope I needed to add, and I added it to Token endpoint params.