getting Missing or duplicate parameters after upgrading OTK from 4.3 to 4.6
Article ID: 260427
Updated On:
Products
CA API Gateway
Issue/Introduction
We have noticed the below issue after upgrading the OTK from 4.3.1 to 4.6.0
If we pass client_id or client_secret under parameters we are getting error.
Please find the sample request below.
curl --location --request POST 'https://abc.com/auth/oauth/v2/token?grant_type=client_credentials&client_id=xxxxxxxxx&client_secret=xxxxxxxxxxx&scope=foo' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'cache-control: no-cache'
{
"error": "invalid_request",
"error_description": "Missing or duplicate parameters"
}But if we pass under body then its working.
curl --location --request POST 'https://abc.com/auth/oauth/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'cache-control: no-cache' \
--data-urlencode 'client_id=xxxxxx' \
--data-urlencode 'client_secret=xxxxxxxx' \
--data-urlencode 'scope=foo' \
--data-urlencode 'grant_type=client_credentials'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'cache-control: no-cache' \
--data-urlencode 'client_id=xxxxxx' \
--data-urlencode 'client_secret=xxxxxxxx' \
--data-urlencode 'scope=foo' \
--data-urlencode 'grant_type=client_credentials'
Environment
Release : 10.1
Resolution
Starting with Oauth 4.6 we do not support to pass the client_id and client_secret as query string parameters anymore due to security concerns
see the Release Notes for Oauth 4.6 .
Feedback
Yes
No
Powered by
