Invalid_request while generate the Access token in own OAuth 2.0 server #1103

Closed
nishaantchauhan opened this issue Oct 22, 2018 · 7 comments

@nishaantchauhan

I have made my own OAuth server, but when I follow the steps below I get the error.

Step 1: Main page 127.0.0.1:9010
[image: step 1]

Step 2: Log in using [email protected] email and foobar password
[image: step 2_login]

Step 3: Select OpenId or Offline
[image: step 3_selection]

Step 4: ERROR
[image: step 4 error]

Also, I don't understand: I did the same process on my local system and there it works, but only one time. It generates the token only once; after that, if I try to generate it again, it gives an "Unable to connect" error. Why?

@aeneasr
Member

aeneasr commented Oct 22, 2018

Please read this: https://www.ory.sh/docs/guides/master/hydra/6-how-to/4-debug

> Also, I don't understand I did the same process in my local system in that it's working but only one time, only one time it will generate the token after that if I try to generate it again then it will give Unable to connect Error why?

Because the CLI command that initiates the OAuth2 flow terminates after you ran everything. You have to re-run it.

@nishaantchauhan
Author

nishaantchauhan commented Oct 23, 2018

> Please read this: https://www.ory.sh/docs/guides/master/hydra/6-how-to/4-debug

I have checked the log and I get the following error.

time="2018-10-22T09:13:17Z" level=info msg="started handling request" method=GET remote="10.10.20.10:59171" request="/oauth2/auth?client_id=another-consumer&consent_verifier=27268dc6c37c43ef9af17b6bb2b6adf3&max_age=0&nonce=oofwtmosnyagklyeroctufro&prompt=&redirect_uri=http%3A%2F%2F10.10.0.10%3A9010%2Fcallback&response_type=code&scope=openid+offline&state=wwujsryireokwjvubyxsdton"
time="2018-10-22T09:13:17Z" level=error msg="An error occurred" description="The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed" error=invalid_request hint="Redirect URL is using an insecure protocol, http is only allowed for hosts with suffix `localhost`, for example: http://myapp.localhost/."
time="2018-10-22T09:13:17Z" level=info msg="completed handling request" measure#http://10.10.0.10:9000/.latency=54527165 method=GET remote="10.10.20.10:59171" request="/oauth2/auth?client_id=another-consumer&consent_verifier=27268dc6c37c43ef9af17b6bb2b6adf3&max_age=0&nonce=oofwtmosnyagklyeroctufro&prompt=&redirect_uri=http%3A%2F%2F10.10.0.10%3A9010%2Fcallback&response_type=code&scope=openid+offline&state=wwujsryireokwjvubyxsdton" status=302 text_status=Found took=54.527165ms

How can I make our server IP localhost, or this http://myapp.localhost/ type of IP?

@nishaantchauhan
Author

> Also, I don't understand I did the same process in my local system in that it's working but only one time, only one time it will generate the token after that if I try to generate it again then it will give Unable to connect Error why?

> Because the CLI command that initiates the OAuth2 flow terminates after you ran everything. You have to re-run it.

I have followed this https://www.ory.sh/run-oauth2-server-open-source-api-security/ link for OAuth, and then opened the browser as the last steps tell us to:

  --network hydraguide \
  -p 9010:9010 \
  oryd/hydra:v1.0.0-beta.8 \
  token user \
    --port 9010 \
    --auth-url http://127.0.0.1:9000/oauth2/auth \
    --token-url http://ory-hydra-example--hydra:4444/oauth2/token \
    --client-id another-consumer \
    --client-secret consumer-secret \
    --scope openid,offline \
    --redirect http://127.0.0.1:9010/callback

Setting up home route on http://127.0.0.1:9010/
Setting up callback listener on http://127.0.0.1:4445/callback
Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.
If your browser does not open automatically, navigate to:

        http://127.0.0.1:9010/

So the first time it works. I don't know which CLI command you are talking about?

@aeneasr
Member

aeneasr commented Oct 23, 2018

That CLI command you posted will stop working once you hit the callback URL. You have to re-run it in order to get it working again.

> how can i make our server ip to localhost or this http://myapp.localhost/ type of ip ?

That works, thing is you didn't use that as the redirect URL but instead redirect_uri=http%3A%2F%2F10.10.0.10%3A9010%2Fcallback which is http://10.10.0.10:9010/callback.

Please follow up with people in the chat or forums if you have more questions.

@aeneasr aeneasr closed this as completed Oct 23, 2018
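
The check discussed above, as an added example (not part of the original issue and not Hydra's own code): it decodes `redirect_uri` from the logged request and applies the rule stated in the error hint. `redirectFromRequest` and `checkRedirect` are hypothetical helpers, and accepting loopback IPs is an assumption based on the tutorial's `http://127.0.0.1:9010/callback` redirect working locally.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample: request path from the thread's log, trimmed to key parameters.
const loggedRequest = "/oauth2/auth?client_id=another-consumer" +
	"&redirect_uri=http%3A%2F%2F10.10.0.10%3A9010%2Fcallback" +
	"&response_type=code&scope=openid+offline"

// redirectFromRequest decodes redirect_uri from a logged /oauth2/auth request.
func redirectFromRequest(request string) (*url.URL, error) {
	u, err := url.Parse(request)
	if err != nil {
		return nil, err
	}
	raw := u.Query().Get("redirect_uri")
	if raw == "" {
		return nil, fmt.Errorf("no redirect_uri in request")
	}
	return url.Parse(raw)
}

// checkRedirect applies the rule from the error hint: plain http is accepted
// only for localhost-style hosts. Hypothetical helper, not Hydra code.
func checkRedirect(u *url.URL) error {
	host := strings.ToLower(u.Hostname())
	switch {
	case u.Scheme != "http":
		return nil // the hint only restricts plain http
	case host == "localhost" || strings.HasSuffix(host, ".localhost"):
		return nil
	case host == "127.0.0.1" || host == "::1":
		return nil // assumption: loopback IPs pass, as the tutorial URL did
	}
	return fmt.Errorf("http redirect to %q needs https or a localhost host", host)
}

func main() {
	u, err := redirectFromRequest(loggedRequest)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Println(u, "->", checkRedirect(u))
}
```
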
@nishaantchauhan
Author

nishaantchauhan commented Oct 24, 2018

Hi @aeneasr

> That works, thing is you didn't use that as the redirect URL but instead redirect_uri=http%3A%2F%2F10.10.0.10%3A9010%2Fcallback which is http://10.10.0.10:9010/callback.

The URL is proper; it's in an ASCII code format, so it's correct, maybe.

The error also gives a solution, which is:

> Redirect URL is using an insecure protocol, http is only allowed for hosts with suffix 'localhost', for example: http://myapp.localhost/.

My issue is that OAuth requires secure SSL for the redirect URL when generating the access token, and I have used the http protocol instead of https. I have also found the same issue on GitHub, but there is no solution.

> That CLI command you posted will stop working once you hit the callback URL. You have to re-run it in order to get it working again.

I re-ran the code and it's working, but do I need to re-run the code for every request? I don't think it's a valid approach.

@aeneasr
Member

aeneasr commented Oct 24, 2018

> i am working on server so is there any other option except this http and myapp.localhost.

No, it's a security measure.

> I am using docker so I don't understand that you have to re run it but i have stopped the container and restart it but also it's not working at all it gives Unable to connect

Seems like you have some trouble with understanding how Docker works here. Ask in the chat for more help on this, I'm sure someone can help.

@nishaantchauhan
Author

nishaantchauhan commented Oct 24, 2018

> i am working on server so is there any other option except this http and myapp.localhost.

> No, it's a security measure.

I have checked GitHub for the same issue. There are issues available like (Disable IsRedirectURISecure), but no solution has been found yet for those issues. How can I enable https on the server?

> I am using docker so I don't understand that you have to re-run it but I have stopped the container and restart it but also it's not working at all it gives Unable to connect

> Seems like you have some trouble with understanding how Docker works here. Ask in the chat for more help on this, I'm sure someone can help.

I re-ran the code and it's working, but do I need to re-run the code for every request? Currently I am making changes on the server side; this is not a valid approach for this.
