How to handle the creation and manipulation of the oauth client feature
I was working with the new Oryx frontend. I connected this with my locally set up Glue API and everything worked well except the login feature. When I was trying this with the Glue endpoint (http://glue.de.spryker.local/token), I was getting this error.
{ "error": "invalid_client", "error_description": "Client authentication failed" }
Now I debugged the code for a while to find that the client id and secret (from the environment variables) were not matching with that of the entry in the spy_oauth_client table. So to make it work I just used the password_hash method of PHP to generate a new password hash and manually added that to the table. This is dirty work, I know, but I had no other option (at least I couldn't find one) to make it work. So I surfed through the documentation of Spryker to find out what exactly this client validation is. This looks like an extra layer of security on top of the user validation. Can any of the sprykees please explain to me the concept of introducing such a feature? Also, please let me know: if anyone ever faces such a situation where they get this invalid_client error, how can they overcome it without the dirty trick I mentioned above?
Answers
- docker/sdk cli echo $SPRYKER_OAUTH_CLIENT_SECRET
  encrypt it and save manually in db
- fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,075 ⚖️ - Guardians (admin)
Heyhey @vparannattilcherul,
these are very good questions. Let me try to answer them.

> This looks like an extra layer of security on top of the user validation. Can any of the sprykee please explain me the concept of introducing such a feature?

Yes, you are right. This extra security feature is actually an OAuth 2.0 specification defined in . Please have also a look at and

> …to find that the client id and secret (from the environment variables) were not matching with that of the entry in spy_oauth_client table.

So here we have several things which play together. On every docker/sdk bootstrap the SPRYKER_OAUTH_CLIENT_SECRET environment variable is regenerated. When you run docker/sdk up for the first time, console setup:init-db is executed, which takes the client secret from the environment variable and stores it in the database. Now, if you use the /token endpoint there should be no problem.

BUT: if you execute docker/sdk bootstrap again, the client secret is regenerated, and if you then do docker/sdk up, console setup:init-db is not executed again. This results in a mismatch between the secret in the env variable and your database and therefore fails your token generation.

So depending on your version of the package spryker/oauth (you need 2.11.0 minimum) you could just run docker/sdk console setup:init-db manually and your secret is in sync again.

All the best,
Florian
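As an added illustration (not Spryker's code and not part of either answer), the PHP below models the client check that produces the invalid_client response and turns the bootstrap explanation above into a local diagnostic; the column names, the sample secrets and the fallback value are assumptions.

```php
<?php
// Added example, not Spryker's own code: a stand-in for the client check
// behind the "invalid_client" error, plus a diagnostic for the bootstrap
// mismatch described above. Column names are assumptions, not the real
// spy_oauth_client schema.
declare(strict_types=1);

// Constructed stand-in for the spy_oauth_client row written by setup:init-db
// during the first bootstrap. Only a hash of the secret is stored, so the
// plain secret cannot be read back from the database later.
function storedClientRow(): array
{
    static $row = null;
    if ($row === null) {
        $row = [
            'identifier' => 'frontend',
            'secret'     => password_hash('secret-from-first-bootstrap', PASSWORD_DEFAULT),
        ];
    }
    return $row;
}

// Mirrors what a token endpoint does with client_id/client_secret: the client
// id must exist and the presented secret must verify against the stored hash.
// Both checks always run and both failures map to the same generic error, so
// the response does not reveal whether the id or the secret was wrong.
function authenticateClient(string $clientId, string $clientSecret): ?array
{
    $row = storedClientRow();
    $idMatches = hash_equals($row['identifier'], $clientId);
    $secretMatches = password_verify($clientSecret, $row['secret']);
    if (!$idMatches || !$secretMatches) {
        return ['error' => 'invalid_client', 'error_description' => 'Client authentication failed'];
    }
    return null; // success: token issuance would follow
}

// Diagnostic: does the secret currently in the environment still match what
// setup:init-db stored? A second `docker/sdk bootstrap` regenerates the env
// value without touching the database, which is exactly this failing case.
// The fallback string is a constructed value for running this offline.
$envSecret = getenv('SPRYKER_OAUTH_CLIENT_SECRET') ?: 'secret-after-second-bootstrap';
$error = authenticateClient('frontend', $envSecret);
if ($error === null) {
    echo "SPRYKER_OAUTH_CLIENT_SECRET matches the stored hash; /token should work\n";
} else {
    echo json_encode($error), "\n";
    echo "secret out of sync: re-run docker/sdk console setup:init-db (spryker/oauth >= 2.11.0)\n";
}
```

Because only a hash is stored, the sensible repair is to re-run the command that re-derives the database entry from the current environment rather than editing the row by hand.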