Unable to Authenticate: /auth/oauth/v2/token


#1

I might be doing something wrong, however when I try to Authenticate following these steps:
https://opendata.transport.nsw.gov.au/site/en_us/gs-api-basics.html#authenticating

I POST to: https://[key]:[secret]@api.transport.nsw.gov.au/auth/oauth/v2/token?grant_type=client_credentials&scope=user

But receive this in return:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode>soapenv:Server</faultcode>
            <faultstring>Policy Falsified</faultstring>
            <faultactor>https://api.transport.nsw.gov.au/auth/oauth/v2/token?grant_type=client_credentials&amp;scope=user</faultactor>
            <detail>
                <l7:policyResult status="Assertion Falsified" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
            </detail>
        </soapenv:Fault>
    </soapenv:Body>
</soapenv:Envelope>

Any advice, or a link to some docs?

Thanks :smiley:


#2

I had a look at your application settings and they look OK. What happens when you use the Explore API for your application?


#3

Apologies.
Actually that appears to be the case for some Chrome Advance Client and Firefox apps only. I have found using the curl command line works without an issue.

curl -X POST "https://<key>:<secret>@api.transport.nsw.gov.au/auth/oauth/v2/token?scope=user&grant_type=client_credentials"


Original reply.
It would appear that you need to add a header of a Base64 encoding of api_key:secret instead of using what is in the document.

i.e.
Authorization: Basic YXBpX2tleTpzZWNyZXQ=
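
Post #3's header form, as an added example (not code from the thread or from Transport for NSW): it moves the key and secret out of the URL's userinfo into an Authorization: Basic header and builds the token request without sending it. The api_key:secret credentials are the placeholder from the post; the function names are hypothetical.

```python
import base64
import urllib.request
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample: the URL form from the thread, with placeholder credentials.
SAMPLE_URL = ("https://api_key:secret@api.transport.nsw.gov.au/auth/oauth/v2/token"
              "?grant_type=client_credentials&scope=user")


def split_userinfo(url):
    """Return (url_without_userinfo, key, secret) for a URL that carries
    credentials in its authority part (hypothetical helper)."""
    parts = urlsplit(url)
    if parts.username is None or parts.password is None:
        raise ValueError("URL carries no user:password userinfo")
    # Keep host[:port] exactly as written, dropping everything up to the last '@'.
    host = parts.netloc.rpartition("@")[2]
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    # Userinfo is percent-encoded inside a URL; the header needs the raw values.
    return clean, unquote(parts.username), unquote(parts.password)


def basic_header(key, secret):
    """Authorization header value: 'Basic ' + base64(key ':' secret)."""
    if ":" in key:
        raise ValueError("a colon in the key makes key:secret ambiguous")
    token = base64.b64encode(f"{key}:{secret}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def build_token_request(url):
    """Build (but do not send) the POST with credentials moved to the header."""
    clean, key, secret = split_userinfo(url)
    req = urllib.request.Request(clean, data=b"", method="POST")
    req.add_header("Authorization", basic_header(key, secret))
    return req


if __name__ == "__main__":
    req = build_token_request(SAMPLE_URL)
    print(req.get_method(), req.full_url)
    print("Authorization:", req.get_header("Authorization"))
```

With the credentials in the header, the request URL that ends up in client history, proxy logs and error responses no longer contains the secret.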


#4

It appears your finding with the Chrome Advance Clients holds true. Authentication fails in Postman due to it being a Chrome app.

Interesting discovery!

Thanks for your help :slight_smile:


#5

Hi there,

Somehow I’m experiencing the same issue too.

Tried curl & python etc. …

It says "The given client credentials were not valid" but my client id and shared secret are both correct.

ping @yvonne.lee


#6

Since you are explicitly asking… I will see what I can find out here… although I had thought (and hoped!) @Nirving had provided the answer.


#7

Hi,

I tried @Nirving's answer as well, all the same.

Thanks


#8

Hi @tengis

Let me preface to say that I’m not a developer (hence why we have this forum so the lovely people who are developers can help each other!)

But can you do the following:

  1. sign in
  2. create an app
  3. add the APIs you need for that app
  4. go to API Explorer
  5. choose the API and App/API Key
  6. Choose OAuth2 as the auth type
  7. Choose Client Credentials
  8. API Key and Shared secret are prepopulated for you
  9. Type in “user” to the Scope
  10. add in the Token Endpoint (use this one https://api.transport.nsw.gov.au/auth/oauth/v2/token if you don’t have one)
  11. Choose the API endpoint
  12. Click on Submit
  13. Grab the curl command and run it

Remember to run it whilst you still have authorisation (ie don’t walk away and come back to do it as it times out)

If still not working… send me a screenshot via a private/direct message and we’ll see what we can find.

@nirving @pat if either of you can provide us with words or how to update our documentation we are happy to do so for clarity :slight_smile:


#9

Wanted to close this one out as Tengis is now up and running. It was setting up the App itself that had an anomaly.