[Question] What is the correct way to run hydra token client CLI command ?

[WendySanarwanto]

Describe the bug
When running hydra token client command, the command return Please provide a Client ID and Client Secret using flags --client-id and --client-secret, or environment variables OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET while the Client is created by calling hydra clients create --skip-tls-verify --id my-app --token-endpoint-auth-method none CLI command, previously.

To Reproduce
Steps to reproduce the behavior:

1. Create a new client that is intended for WebSPA or Mobile client by invoking this CLI command: hydra clients create --skip-tls-verify --id my-reactjs-app --token-endpoint-auth-method none. Confirm that the command is completed and return Client ID with empty Client secret.
   

2. Run CLI command hydra token client --skip-tls-verify --endpoint https://hydra_dev:4445 --client-id my-reactjs-app.

3. See error at below:
   Please provide a Client ID and Client Secret using flags --client-id and --client-secret, or environment variables OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET.

4. Run hydra token client with random client-secret: hydra token client --skip-tls-verify --endpoint https://hydra_dev:4445 --client-id my-reactjs-app --client-secret my-random-secret.

5. See error at below:

What is the proper way to run hydra token client CLI command which does An exemplary OAuth 2.0 Client performing the OAuth 2.0 Client Credentials Flow ?

Version:

• Environment: Docker for windows 2.0.0.3 (31259)
• Windows 10
• Git Bash

[aeneasr]

You’re using the wrong port (4445) instead of 4444 for token retrieval. I recommend going step by step with the guides on ory.sh/docs or ask in the chat for further help.

[WendySanarwanto]

Hello @aeneasr , I've followed step by step guide in which does "An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow" and it worked fine. But, when I'd like to try example of An exemplary OAuth 2.0 Client performing the OAuth 2.0 Client Credentials Flow through CLI command hydra token client, I can't find any steps which describe that in the documentation. Only got this one which helped me to create a new Client with no secret but can't get hydra token client command to be completed successfully.
Back to your suggestion, I replaced the admin URL (port 4445) , to public URL (port 4444), and here's the result :

Then I removed the --client-secret arg and re-invoked the CLI command:

Replaced --endpoint's value with public url (port 4444) did not work as you suggested.

[aeneasr]

The 5 Minute tutorial shows how to set up an OAuth 2.0 Client. So does the extended set up guide. Public clients can not request OAuth 2.0 Access Tokens using the Client Credentials grant. Since this would be considered core OAuth 2.0 knowledge, I recommend learning about OAuth 2.0 first: https://www.youtube.com/watch?v=996OiexHze0

[jamesweb1]

@aeneasr I understand the typical flow is 'Authorization Code Grant Flow', but I cannot figure out how to setup for the public client (official app or native app). I follow the example as following:

Create client:

docker-compose -f quickstart.yml exec hydra \
    hydra clients create \
    --endpoint http://127.0.0.1:4445 \
    --id native \
    --token-endpoint-auth-method none \
    --grant-types authorization_code,refresh_token \
    --response-types code,id_token \
    --scope openid,offline \
    --callbacks http://127.0.0.1:5555/callback

User authenticate:

docker-compose -f quickstart.yml exec hydra \
    hydra token user \
    --client-id native \
    --endpoint http://127.0.0.1:4444/ \
    --port 5555 \
    --scope openid,offline

And it shows the error as in the original post:

Please provide a Client ID and Client Secret using flags --client-id and --client-secret, or environment variables OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET.

My question is how to combine the OAuth2.0 flow when we want to get the access token in our official website?