Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Oracle APEX18.2 Oauth2 Authentication with IBM Oauth2 server?

AllenS.Aug 6 2019 — edited Aug 16 2019

Hi,

We're trying to implement Oath2 Authentication with our Oracle APEX application. We have an IBM Oauth2 server that we plan to use in our APEX. However, we are getting the following error upon login from the Authorization End point.

FBTOAU229E Confidential clients accessing the token endpoint must authenticate using their registered credentials.

I was advised by our IBM Oauth2 admins that the request for the token was not done correctly and I need to check the body used for requesting access token.

Where can I find in Oracle APEX the request for the access token?

I've tried looking at the Monitory Activity but it doesn't give me much info.

| 0.20940 | 0.00016 |

CGI: PATH_INFO = /apex_authentication.callback?state=Oher6eSm9cYOSL9acxS5s-1k6s0V1xNdQWB2scBLQ3GLd4ftPmmblcKJGKh_cl9WGuG8CcYznHc480ICxXW7Vobe1dj5NBYTQvZXEn5BEnM&code=14NsMIOccdHemLhQETIS1tyOy

| 9 |

0%

|
| 0.20957 | 0.00012 |

GET https://server/apex REMOTE_ADDR=172.23.147.25 REMOTE_USER=APEX_PUBLIC_USER APEX_LISTENER_VERSION=18.3.0.r2701456 REFERER=https://server/apex/f?p=4000:1:13535485084307::NO:RP:FB_FLOW_ID,F4000_P1_FLOW:101,101 HTTP_COOKIE=__cfduid=dcd59d87047756037bf44ca21d4b2026c1554701632; _ga=GA1.2.1395116425.1554701633; _fbp=fb.1.1559278605108.1706225754; dev=YNUxbei7BixWic5xb9qW0uCJpL; PD-S-SESSION-ID-3=1_qJzwhCFG01ENQlr/EKw7sK7ynvHbTlw05nCvfErFpJ/R1TKhK8A=_AAAAAQA=_t9VuYd5pP5xHQDXFVeagF/H/hIg=

| 9 |

0%

|
| 0.20969 | 0.00005 |

SID=973 USER=APEX_PUBLIC_USER INSTANCE=1

| 9 |

0%

|
| 0.20974 | 0.00218 |

JSON POST https://ibmoauth2/mga/sps/oauth/oauth20/token request got HTTP status 400

| 1 |

1%

|
| 0.21192 | - |

OAuth2 Authorization error "invalid_client". FBTOAU229E Confidential clients accessing the token endpoint must authenticate using their registered credentials.

| 2 |

0%

|

Here's a screen shot of our Authentication setup.

pastedImage_4.png

UPDATE:

After further investigation, it seems that APEX is not entering the client credentials when requesting for the token hence the error returned by our IBM Oauth2 server. It this a bug or am I doing something wrong?

Appreciate any feedback.

UPDATE #2:

Just noticed this in the Web Credentials page.

pastedImage_1.png

Does this mean that the grant_type should be client_credentials? We are using grant_type authorization_code as of now.

UPDATE #3:

Got this working with Okta and Google Oauth2 servers. So not sure what the issue is with the IBM Oauth2 server.

UPDATE#4:

We've updated our openid config file as shown below but still getting the same error.

pastedImage_2.png

Comments

Processing

Post Details

Added on Aug 6 2019
#apex-discussions
7 comments
1,202 views