[mitreid-connect] How to get Access Token for Authorization Code Flow

Justin Richer jricher at mit.edu
Mon Aug 31 12:30:17 EDT 2015


The way that the authorization code flow in OAuth works, you need to send the user in a web browser to the authorization page. It’s not something you fetch directly. What you’re seeing below is the server requiring the user to log in, which is to be expected since you’re just sending things with curl.

I suggest reading through some intro material on OAuth to get a better idea of how things are supposed to work. These slides are from a class I taught last year and you may find them helpful:

http://www.slideshare.net/zeronine1/mit-2014-introduction-to-open-id-connect-and-oauth-2

 — Justin

> On Aug 31, 2015, at 12:23 PM, Sergiy Lystopad <slystopad at mirantis.com> wrote:
> 
> Hi, colleagues.
> 
> I am trying to check Authorization Code Flow.
> I have registered a new RP (client) via the Administrative UI (specified client ID, Redirect URI, checked Grant Types: authorization code and password. Other options - default)
> 
> Then I have tried to get Access Token with curl:
> curl -i -X GET 'http://192.168.0.123:8080/openid-connect-server-webapp/authorize?response_type=code&scope=openid%20profile%20email&client_id=curlClient2&state=state12345&redirect_uri=http://192.168.192.168/redirect'
> 
> I expect something like:
> HTTP/1.1 302 Found
>  Location: https://server.example.com:443/oidcclient/redirect/client01
>      code=SplxlOBeZQQYbYS6WxSbIA
>      &state=state12345
> 
> but got:
> HTTP/1.1 302 Found
> Server: Apache-Coyote/1.1
> Set-Cookie: JSESSIONID=896E596E8B00E7B3FC9AF08337739C02; Path=/openid-connect-server-webapp/; HttpOnly
> X-Frame-Options: DENY
> Location: http://192.168.0.123:8080/openid-connect-server-webapp/login
> Content-Length: 0
> Date: Mon, 31 Aug 2015 16:15:19 GMT
> 
> What am I doing wrong?
> 
> P.S. Sorry for dumb questions, but I think this is the best place where I could find answers.
> 
> Thank you in advance.
> -- 
> Sergiy Lystopad

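The client's side of the flow discussed in this thread, as an added example that is not part of the original messages or of MITREid Connect's own code. The authorize URL, client ID, redirect URI and state come from the thread; the token endpoint path and the function names are assumptions.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Values from the thread, except TOKEN, which is an assumed path.
AUTHORIZE = "http://192.168.0.123:8080/openid-connect-server-webapp/authorize"
TOKEN = "http://192.168.0.123:8080/openid-connect-server-webapp/token"
CLIENT_ID = "curlClient2"
REDIRECT_URI = "http://192.168.192.168/redirect"


def authorization_url(state):
    """Step 1: URL the user's browser is sent to; the client never fetches it itself."""
    return AUTHORIZE + "?" + urlencode({
        "response_type": "code",
        "scope": "openid profile email",
        "client_id": CLIENT_ID,
        "state": state,
        "redirect_uri": REDIRECT_URI,
    })


def classify_redirect(location, expected_state):
    """Step 2: decide what a 302 Location header means for the client."""
    target, registered = urlsplit(location), urlsplit(REDIRECT_URI)
    if (target.scheme, target.netloc, target.path) != (
            registered.scheme, registered.netloc, registered.path):
        # For example .../login: the user has not authenticated yet.
        return ("not_callback", None)
    params = parse_qs(target.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not
    # bound to the request this client started, so it is rejected.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("state_mismatch", None)
    if "error" in params:
        return ("error", params["error"][0])
    if "code" not in params:
        return ("error", "missing_code")
    return ("code", params["code"][0])


def token_request_body(code):
    """Step 3: form body for the back-channel POST to TOKEN.
    The client also authenticates itself on that request (its secret is not shown here)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    })
```

In a real client the state is generated per request (for example with secrets.token_urlsafe) and stored in the user's session before the browser is redirected.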