cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Testing OAuth to get token

Frazzle
Visitor

Hi, i am using the below details to pull back a token (removed the OAuth details), but we get a badrequest 400 back with this body and no idea what the issue is. 

Input:
Headers:
{ "Content-Type": "application/x-www-form-urlencoded" }
Body:
{ "grant_type": "client_credentials", "client_id": "*.*", "client_secret": "*", "scope": "account-idm-read account-idm-write", "resource": "*" }

Response:

{
    "statusCode"400,
    "headers": {
        "Date""Thu, 07 Mar 2024 11:37:34 GMT",
        "Connection""keep-alive",
        "Set-Cookie""AWSALB=Y/NaFryc7SsOf2MxmkuwVVGJHxLU0p1XrWOiQojtDSqMWV0Qpx1qJWiAnEeifSLvCTtoMDBm2y0imRXrVh6tYhSfuwa6POX513NQjP/torNLEuMp/3N6QPpqefJA; Expires=Thu, 14 Mar 2024 11:37:34 GMT; Path=/,AWSALBCORS=Y/NaFryc7SsOf2MxmkuwVVGJHxLU0p1XrWOiQojtDSqMWV0Qpx1qJWiAnEeifSLvCTtoMDBm2y0imRXrVh6tYhSfuwa6POX513NQjP/torNLEuMp/3N6QPpqefJA; Expires=Thu, 14 Mar 2024 11:37:34 GMT; Path=/; SameSite=None; Secure,dtCookie=v_4_srv_14_sn_DA589D2531938B2A2F384294FD5F1308_perc_100000_ol_0_mul_1_app-3A98ef57ca1ba5392b_1_rcs-3Acss_0; Path=/; Domain=.dynatrace.com; secure",
        "Server-Timing""dtRpid;desc=\"-524315565\", dtSInfo;desc=\"0\"",
        "X-OneAgent-JS-Injection""true",
        "X-Frame-Options""DENY",
        "Frame-Options""deny",
        "X-XSS-Protection""1; mode=block",
        "X-Content-Type-Options""nosniff",
        "Content-Security-Policy""default-src 'self' https://static.sso.dynatrace.com https://dt-cdn.net; script-src 'self' 'unsafe-inline' https://static.sso.dynatrace.com; frame-ancestors 'none'; form-action http: https:; report-uri https://report-csp.internal.dynatracelabs.com/sso2.0",
        "X-Content-Security-Policy""default-src 'self' https://static.sso.dynatrace.com https://dt-cdn.net; script-src 'self' 'unsafe-inline' https://static.sso.dynatrace.com; frame-ancestors 'none'; form-action http: https:; report-uri https://report-csp.internal.dynatracelabs.com/sso2.0",
        "Strict-Transport-Security""max-age=31536000; preload",
        "Pragma""no-cache",
        "Cache-Control""no-store, must-revalidate, no-cache",
        "issueId""25EDJDCEXJAZAG5I",
        "Content-Type""application/json; charset=utf-8",
        "Content-Length""70"
    },
    "body": {
        "errorCode"400,
        "message""Bad Request",
        "issueId""25EDJDCEXJAZAG5I"
    }
}
3 REPLIES 3

mark_bley
Dynatrace Champion
Dynatrace Champion

Hi @Frazzle ,

you may have missed a the first bit in the resource filed.

try it like this:

curl --location --request POST 'https://sso.dynatrace.com/sso/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=dt0s02.*' \
--data-urlencode 'client_secret=dt0s02.*.*' \
--data-urlencode 'resource=urn:dtaccount:<your-account-id>' \
--data-urlencode 'scope=account-idm-read account-idm-write'

 

DaveOps
Contributor

I have a similar issue:

curl --location --request POST 'https://sso.dynatrace.com/sso/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client id>' \
--data-urlencode 'client_secret=<secret>' \
--data-urlencode 'resource=urn:dtaccount:<account-UUID>' \
--data-urlencode 'scope=app-engine:apps:install app-engine:apps:run'

{"errorCode":400,"message":"Bad Request","issueId":"K4DTL7WN6UVPGAM6","error":"invalid_request","error_description":""}%

shivamagnihotri
Observer

To resolve the issue, generate a new OAuth Client.

In my case, the OAuth Client was dormant because it was created by a colleague who is no longer active in my Dynatrace account, resulting in the following response.

{ "errorCode": 400, "message": "Bad Request", "issueId": "XXXXXXXXXXX", "error": "invalid_request", "error_description": "" }

 

Here's the working cURL command/request body for your reference:

curl --location 'https://sso.dynatrace.com/sso/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<your-Client-ID>' \
--data-urlencode 'client_secret=<your-Client-secret>' \
--data-urlencode 'resource=urn:dtaccount:<your-account-UUID>' \
--data-urlencode 'scope=iam-policies-management account-idm-read account-idm-write'

Featured Posts