OpenID Connect Token endpoint returning a bad request
I am using OneLogin OpenID Connect, I did the initial redirect to OpenID server, put username and password in and OneLogin redirected me to the callback url I provided. I have received a "Code" from this and would like to exchange this code for turning it into an access_token.
I am trying to make a request to the token endpoint but it is returning a 400 Bad Request with this error:
"error_description": "invalid authorization header value format"
I have attached a screenshot below. I didn't have "Client_Secret" in the Authorization header before, I looked around and tried it with "Basic" as well. But none of it seems to work.
Can anyone help me with some insight?
I was also following these two tutorials: https://openidconnect.net
https://developers.onelogin.com/openid-connect/connect-to-onelogin
I have looked on here to see if I was doing anything wrong. But I still get the same error. https://connect2id.com/learn/openid-connect#token-endpoint
Your Authorization header has an incorrect format, it should look like the example below for the username "username" and the password "password".
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
The variable dXNlcm5hbWU6cGFzc3dvcmQ= is found by concatenating username and password with a colon as separator (username:password) and calculating the Base64 value of this new string (dXNlcm5hbWU6cGFzc3dvcmQ=).
Postman does that for you, just click on the Authorization tab next to Headers. You'll probably need Basic Auth.
- Chrome identity launchWebAuthFlow only opens empty callback page
- Limiting the scopes of an OAuth 2.0 flow
- Is Endpoint Security Authentication in WSO2 APIM Done per API or per request?
- Why do i need to specify redirect_uri if i am authenticating from server side?
- Error 400: invalid_scope with Postman and Google OAuth2
- Issues Adding SMTP.Send Permission to Azure Application for Office 365 SMTP
- PHP - How to get OAuth 2.0 Token
- UPS Outh Rating API return Invalid Authentication Information
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- How to get Optum sandbox to authenticate with OAuth 2.0 using Java and okhttp
- Spring Boot redirection back to login page
- New Google place api using google OAuth, ask failed to refresh token
- Authentication Problems using Google's ARCore API
- Getting OAuth code challenge on loopback server
- How do I solve audience (aud) invalid claim error for downstream api service?
- oauth 2 parameters can only have a single value: scope
- #oauth2 security expressions on method level
- Calling spring authorization server OAuth2 REST endpoints
- Google AdWords API authorization raising AdsCommon::Errors::AuthError
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Passport - Node.js not returning Refresh Token
- AWS Cognito: Missing Scopes in Access Token with Custom UI and Device Remember Functionality for MFA
- Cross-client Google OAuth: Get auth code on iOS and access token on server
- How to generate GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET without a domain?
- Spring Gateway and OAuth
- OAuth Client Credential Flow - Refresh Tokens
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- Add OAuth authentication for HTTP request triggers
- OAuth2 implementation and user management Django
- How to enable a submit button if form fields are auto-filled by the browser using saved credentials on page load?