I am using OneLogin OpenID Connect. I did the initial redirect to the OpenID server, put the username and password in, and OneLogin redirected me to the callback URL I provided. I have received a "Code" from this and would like to exchange this code for an access_token.
I am trying to make a request to the token endpoint but it is returning a 400 Bad Request with this error:
"error_description": "invalid authorization header value format"
I have attached a screenshot below. I didn't have "Client_Secret" in the Authorization header before, I looked around and tried it with "Basic" as well. But none of it seems to work.
Can anyone help me with some insight?
I was also following these two tutorials: https://openidconnect.net
https://developers.onelogin.com/openid-connect/connect-to-onelogin
I have looked on here to see if I was doing anything wrong. But I still get the same error. https://connect2id.com/learn/openid-connect#token-endpoint
Your Authorization header has an incorrect format; it should look like the example below for the username "username" and the password "password".
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
The variable dXNlcm5hbWU6cGFzc3dvcmQ= is found by concatenating username and password with a colon as separator (username:password) and calculating the Base64 value of this new string (dXNlcm5hbWU6cGFzc3dvcmQ=).
Postman does that for you, just click on the Authorization tab next to Headers. You'll probably need Basic Auth.
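The header construction described in the answer, as an added example that is not part of the original post: it builds the Basic value, diagnoses a malformed one, and assembles the authorization-code token request without sending it. It assumes the client ID and client secret take the username and password roles and are form-urlencoded first as RFC 6749 section 2.3.1 specifies; the function names, endpoint URL and credential values are constructed placeholders.

```python
import base64
import binascii
from urllib.parse import quote_plus, urlencode

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization value for HTTP Basic client authentication."""
    # Assumption: form-urlencode each part first (RFC 6749 section 2.3.1),
    # so a ':' inside the secret cannot shift the id/secret split.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")

def check_basic_header(value: str) -> str:
    """Return 'ok' or the reason the value is not a well-formed Basic credential."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return f"scheme is {scheme!r}, expected 'Basic'"
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "credentials are not valid Base64"
    if ":" not in decoded:
        return "decoded credentials lack the ':' separator"
    return "ok"

def token_request(token_url, client_id, client_secret, code, redirect_uri):
    """Build (url, headers, body) for the code exchange; nothing is sent."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri})
    return token_url, headers, body

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real endpoint.
    url, headers, body = token_request(
        "https://idp.example.invalid/token", "my-client-id", "my-client-secret",
        "CODE_FROM_CALLBACK", "https://app.example.invalid/callback")
    print(headers["Authorization"])
    print(body)
    # The two header shapes the question describes trying, then the built one.
    for candidate in ("Client_Secret my-client-secret",
                      "Basic my-client-secret", headers["Authorization"]):
        print(repr(candidate), "->", check_basic_header(candidate))
```
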