drupal oauth-2.0 drupal-8

Drupal 8 OAuth2: add a grant type "password" to client


I work on a Drupal 8 project and created a REST API. Everything worked fine until I wanted to add OAuth2: when I try to get a token, I get an invalid grant type error.

This is the error code:

{
    "error": "invalid_grant",
    "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
    "hint": "Check the configuration to see if the grant is enabled."
}

This is the URL that I called:

http://myserver/oauth/token?grant_type=password&client_id=6db9da8d-b831-4381-b279-381bc5a57e90&scope&username=webmasterrest&password=webmasterrest&client_secret=$S$EamACyfemGWic74kmkwUvphMmr9FL132KC297mI1GEkTKhyBJyAo

I added a client, but I can't add a grant type "password" to this client, any help please?


Solution

  • To add OAuth 2 authentication

    Install the module using Composer: composer config repositories.drupal composer https://packages.drupal.org/8 && composer require drupal/simple_oauth:^2. You can use any other installation method, as long as you install the OAuth2 Server composer package.

    Generate a pair of keys to encrypt the tokens, and store them outside of your document root for security reasons.

    openssl genrsa -out private.key 2048
    openssl rsa -in private.key -pubout > public.key
    

    Save the path to your keys in: /admin/config/people/simple_oauth.

    Go to REST UI and enable the oauth2 authentication in your resource.

    Create a Client Application by going to: /admin/config/services/consumer/add.

    Create a token with your credentials by making a POST request to /oauth/token. See the documentation about what fields your request should contain.

    (Not shown) Permissions are set to only allow viewing nodes via REST with the authenticated user.

    Request a node via REST without authentication and watch it fail.

    Request a node via REST with the header Authorization: Bearer {YOUR_TOKEN} and watch it succeed.

    From this


    NOTE: I use drupal/simple_oauth version 2.x because I got an exception in version 3.x.
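
The token request and Bearer request from the steps above, as an added example that is not part of the original answer or the module's own code. It sends the password-grant fields in a form-encoded POST body instead of the URL query string, so credentials stay out of access logs. The function names and the host `drupal.example` are hypothetical, and the `$S$` check assumes the consumer secret is stored as a Drupal password hash, which must not be sent in place of the plaintext secret.

```python
import json
import urllib.parse
import urllib.request

# Assumption: Drupal's stored password hashes start with this prefix.
DRUPAL_HASH_PREFIX = "$S$"


def build_token_request(base_url, client_id, client_secret,
                        username, password, scope=""):
    """Build (without sending) the password-grant POST for /oauth/token."""
    if client_secret.startswith(DRUPAL_HASH_PREFIX):
        # A value copied from the database is the hash, not the secret.
        raise ValueError("client_secret looks like a stored hash; "
                         "send the plaintext secret set on the consumer")
    fields = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }
    if scope:
        fields["scope"] = scope
    # Credentials go in the request body, never in the query string.
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth/token",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def build_node_request(url, access_token):
    """Build the authenticated REST request with the Bearer header."""
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})


def fetch_token(request):
    """Send the token request and return the access_token field."""
    with urllib.request.urlopen(request) as resp:
        return json.load(resp)["access_token"]
```
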