OAuth2.0 - client_credentials error: The request body must contain the following parameter: 'grant_type' #1938

quaggyzombie opened this issue Mar 27, 2024 · 4 comments · Fixed by #2039

When I use OAuth2 with client_credentials, I get the following error:

{
  "error": "invalid_request",
  "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'. Trace ID: 325b873b-08a3-4b23-b002-650f1f00f700 Correlation ID: 8d8f1825-b12e-468b-8c67-f686e9b46383 Timestamp: 2024-03-27 09:22:23Z",
  "error_codes": [ 900144 ],
  "timestamp": "2024-03-27 09:22:23Z",
  "trace_id": "325b873b-08a3-4b23-b002-650f1f00f700",
  "correlation_id": "8d8f1825-b12e-468b-8c67-f686e9b46383",
  "error_uri": "https://login.microsoftonline.com/error?code=900144"
}

This is replicated if I click on "Get Access Token" or when sending the request.

The same details work absolutely fine with Postman.

Also testing against Microsoft Azure AD / Entra ID and get a similar error with version 1.12.3 of Bruno:
AADSTS900144: The request body must contain the following parameter: 'client_id'.

Likely caused by Bruno sending the request body payload for client_credentials with content-type application/json.

RFC6749 - The OAuth 2.0 Authorization Framework expects the content type to be application/x-www-form-urlencoded ref https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2

MS Azure AD/Entra ID follows the standard only and expects application/x-www-form-urlencoded as content-type
ref https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret

Likely needs adjustment in

bruno/packages/bruno-electron/src/ipc/network/index.js Line 216 1349a79
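
The content-type mismatch described in the comment above, as an added example that is not part of the issue thread or of Bruno's code. `buildTokenRequest` and `checkTokenRequest` are hypothetical names, the endpoint check is a simplified model rather than Entra ID's implementation, and every URL, ID and secret is constructed.

```javascript
// Client side: build the client_credentials token request as a form body
// (RFC 6749 section 4.4.2), not as JSON.
function buildTokenRequest({ tokenUrl, clientId, clientSecret, scope }) {
  const params = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
  });
  if (scope) params.set('scope', scope);
  return {
    method: 'POST',
    url: tokenUrl,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: params.toString(), // percent-encodes &, =, + and / in the secret
  };
}

// Simplified model of a token endpoint (assumption, not Entra ID's code):
// parameters are read only from a form-encoded body, so JSON looks empty.
function checkTokenRequest(req) {
  const type = (req.headers['Content-Type'] || '').split(';')[0].trim().toLowerCase();
  const form = new URLSearchParams(
    type === 'application/x-www-form-urlencoded' ? req.body : '');
  for (const name of ['grant_type', 'client_id', 'client_secret']) {
    if (!form.get(name)) return { ok: false, error: 'invalid_request', missing: name };
  }
  if (form.get('grant_type') !== 'client_credentials') {
    return { ok: false, error: 'unsupported_grant_type' };
  }
  return { ok: true, clientId: form.get('client_id'), clientSecret: form.get('client_secret') };
}

// Constructed sample values; the secret deliberately contains reserved characters.
const sample = {
  tokenUrl: 'https://login.example.test/tenant-placeholder/oauth2/v2.0/token',
  clientId: 'client-id-placeholder',
  clientSecret: 'p&ss=w+rd/1',
  scope: 'https://api.example.test/.default',
};
const good = buildTokenRequest(sample);
// The failing shape from the issue: same fields, serialized as JSON.
const bad = {
  ...good,
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ grant_type: 'client_credentials', client_id: sample.clientId, client_secret: sample.clientSecret }),
};
console.log(checkTokenRequest(good).ok, checkTokenRequest(bad));
```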

Using the 1.13.0 version, it still seems to be giving an error. Even though I click the "Get Access Token" button, the Timeline still shows the data being sent to the Request URL (not the Access Token URL) as JSON, but with the client ID and secret instead, which should be sent as a GET to the Access Token URL, and then the generated token should be sent to the Request URL, instead of what is seemingly happening.