Solved

Token request problem in Client Credentials flow

10 months ago
30 May 2023
6 replies
338 views

Userlevel 7

+20

dsj
Superhero (Partner)
671 replies

We have faced a problem with using REST sender with client credential flow and when investigating it was found that the problem is with the token fetching request.

IFS is sending client id and secret in two places, As basic authentication in the header and the url encoded request body.

Seems sending the client secret in the body is faulty.

Is this a bug or is there any workaround to not to include the client secret in the token payload.

Issue was found in IFS Cloud 22R2 but we observed same problem in Apps10 UPD 16 as well

icon

Best answer by Charith Epitawatta 20 October 2023, 01:41

View original

6 replies

Userlevel 4

kvbe
Hero (Partner)
140 replies
9 months ago
29 June 2023

@dsj was this reported to IFS as a bug? Is there any idea if this will be fixed?

Userlevel 7

+20

dsj
Author
Superhero (Partner)
671 replies
9 months ago
29 June 2023

@dsj was this reported to IFS as a bug? Is there any idea if this will be fixed?

Hi @kvbe,

No, it was not reported. Due to the urgency, we switched to basic authentication and proceed with our integration.

Userlevel 7

+31

Charith Epitawatta
Ultimate Hero (Employee)
1092 replies
6 months ago
20 October 2023
Answer

Hi @dsj, @kvbe,

This is now fixed in IFSAPP10 UPD22 via patch ID 167255. This patch introduces a new property to control whether the client credentials will be sent in the request header or the body or both.

Property - ifs.includeClientCredentials

Expected values - body|header|both

Eg: ifs.includeClientCredentials: header

You can add the property in following 2 ways.

Add it to the ifs.properties file located in \\<IFS_HOME>\instance\<InstanceID>\conf directory.
Add it to J2EE server properties via the IEE client as described in this documentation.

Hope this helps!

Userlevel 7

+20

dsj
Author
Superhero (Partner)
671 replies
6 months ago
20 October 2023

Thanks a lot @Charith Epitawatta for the answer.

Has this been fixed in IFS Cloud as well? In which versions?

/Damith

Userlevel 7

+31

Charith Epitawatta
Ultimate Hero (Employee)
1092 replies
6 months ago
20 October 2023

Hi @dsj,

I’m afraid this is still not implemented in IFS Cloud and we expect it will be. I will update here when I receive more information on that.

DNVMIDE
Do Gooder (Customer)
1 reply
1 month ago
11 March 2024

Hi @dsj,

I’m afraid this is still not implemented in IFS Cloud and we expect it will be. I will update here when I receive more information on that.

Any update on this? For the moment we use different mail accounts (with there neede Microsoft licenses) to do an old fashioned login...

Reply

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded