oauth2-server-php: User Credentials without Client Credentials not working

I have been trying to get the example code from the following website to work, but have been receiving an error.

http://bshaffer.github.io/oauth2-server-php-docs/grant-types/user-credentials/

    <?php

    // error reporting (this is a demo, after all!)
    ini_set('display_errors',1);error_reporting(E_ALL);

    require '../../../../vendor/autoload.php';

    // create some users in memory
    $users = array('bshaffer' => array('password' => 'brent123', 'first_name' => 'Brent', 'last_name' => 'Shaffer'));

    // create a storage object
    $storage = new OAuth2\Storage\Memory(array('user_credentials' => $users));

    // create the grant type
    $grantType = new OAuth2\GrantType\UserCredentials($storage);

    // Pass a storage object or array of storage objects to the OAuth2 server class
    $server = new OAuth2\Server($storage);

    // add the grant type to your OAuth server
    $server->addGrantType($grantType);

    // Handle a request for an OAuth2.0 Access Token and send the response to the client
    $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();

When I try sending a curl:

$ curl http://mywebsite.com/test/token.php -d 'grant_type=password&username=bshaffer&password=brent123'
{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"}

I never set client credentials, so why does this require client credentials in the body?

About this issue

  • State: closed
  • Created 10 years ago
  • Comments: 18 (5 by maintainers)

Most upvoted comments

Oh I was under the impression that you could have a user_credential grantType without having a client_credential grantType, as discussed here: #341

@arianf you don’t need the ClientCredentials grant type to use the UserCredentials grant type. You DO, however, need a set of Client Credentials in your storage object. Otherwise, there is no way to validate the client making the request. Public clients are allowed, but they still require an instance of OAuth2\Storage\ClientCredentialsInterface in order to be configured.

As for the second error you’re having, it’s because you never added the ClientCredentials grant type object, which is required in order for you to use grant_type=client_credentials.

Emphasis on second error… I was referring to when you set grant_type=client_credentials.

The UserCredentials grant type requires you to have a valid set of ClientCredentials as well. Notice in the sample curl request, where the command includes -u TestClient:TestSecret:

$ curl -u TestClient:TestSecret https://api.mysite.com/token -d 'grant_type=password&username=bshaffer&password=brent123'

Those credentials need to be included, and also added to your storage somewhere. Try including that in your request, and change the above to something like this:

    //...
    // create some users in memory
    $users = array('bshaffer' => array('password' => 'brent123', 'first_name' => 'Brent', 'last_name' => 'Shaffer'));

    // HERE IS THE NEW PART
    $clients = array('TestClient' => array('client_secret' => 'TestSecret'));

    // create a storage object
    // ALSO NEW: pass "client_credentials" in with the Memory object

    $storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients));

Please reopen if you have any other questions.
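A complete token endpoint that puts both the users and the clients into the Memory storage, as an added example (not code from the issue or from the oauth2-server-php project). It assumes the Composer autoloader path shown, constructed sample credentials, and that the Memory storage's optional space-separated `grant_types` entry is what its `checkRestrictedGrantType()` consults to limit which grants a client may use.

```php
<?php
// Added example, not the project's own code: a token.php that registers BOTH
// user credentials and client credentials in OAuth2\Storage\Memory, which is
// what the UserCredentials (grant_type=password) grant needs to authenticate
// the client that is asking for a token on the user's behalf.
require __DIR__ . '/vendor/autoload.php'; // assumed autoloader location

// Resource-owner accounts (constructed sample data, same user as the issue).
$users = array(
    'bshaffer' => array('password' => 'brent123', 'first_name' => 'Brent', 'last_name' => 'Shaffer'),
);

// Clients allowed to call the token endpoint. The Memory storage reads these
// from the "client_credentials" key: checkClientCredentials() compares the
// client_secret, and isPublicClient() treats an empty secret as a public client.
$clients = array(
    // Confidential client: sends -u TestClient:TestSecret (HTTP Basic) or
    // client_id/client_secret in the POST body. The "grant_types" value
    // (assumed to be read by checkRestrictedGrantType) pins it to the
    // password grant, so it cannot use grants it was never meant to have.
    'TestClient' => array(
        'client_secret' => 'TestSecret',
        'grant_types'   => 'password',
    ),
    // Public client (no secret): identified only by client_id in the POST body.
    'MobileApp' => array(
        'client_secret' => '',
        'grant_types'   => 'password',
    ),
);

$storage = new OAuth2\Storage\Memory(array(
    'user_credentials'   => $users,
    'client_credentials' => $clients,
));

$server = new OAuth2\Server($storage);
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));

// Requests that this endpoint accepts (run from a shell):
//   curl -u TestClient:TestSecret http://localhost/token.php \
//        -d 'grant_type=password&username=bshaffer&password=brent123'
//   curl http://localhost/token.php \
//        -d 'grant_type=password&client_id=MobileApp&username=bshaffer&password=brent123'
// A request with no client_id at all still gets invalid_client, exactly as in
// the issue, because the server cannot tell which client is asking.
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
```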