I am using Postman to test OAuth 2 from a vanilla AEM install.
Postman can successfully obtain the authorization code from /oauth/authorize after I grant access:
But when it tries to use the code to obtain a token from /oauth/token it receives the following response:
HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden Powered by Jetty://
Looking in Fiddler it is doing a POST to /oauth/token with the following Name/Values in the body:
client_id: Client ID from /libs/granite/oauth/content/client.html
client_secret: Client Secret from /libs/granite/oauth/content/client.html
redirect_uri: https://www.getpostman.com/oauth2/callback
grant_type: authorization_code
code: Code returned from previous request to oauth/authorize
Am I missing something?
Hi,
To be honest, I'm not very familiar with Postman's OAuth2 support. Can you provide a complete dump of the POST request to /oauth/token? My guess is that this is the Referrer Filter, but I'm not sure.
Regards,
Justin
justin_at_adobe wrote...
Hi,
To be honest, I'm not very familiar with Postman's OAuth2 support. Can you provide a complete dump of the POST request to /oauth/token? My guess is that this is the Referrer Filter, but I'm not sure.
Regards,
Justin
Your guess was right, Justin. Kudos.
Solved. You need to add the post as an allowed host in the Sling Referrer Filter in your configuration.
Just curious - which host?
justin_at_adobe wrote...
Just curious - which host?
There was a typo. Sorry for that. Updated it. By default, the POST request is not allowed by the Sling Referrer Filter in 6.1.
Hi Justin,
I am also facing the same issue: while requesting the token from the Postman client, I am getting 403 Forbidden.
Can you tell me what services are required to be up and running for OAuth2, and also, if they are not, how I can get them up and running?
Thanks in advance.
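A simplified model of the referrer check that the accepted answer in this thread points to, as an added example (it is not code from the thread, from AEM, or from Sling). The parameters `allow_empty`, `allow_hosts` and `FILTER_METHODS` are modelled on the Sling Referrer Filter properties `allow.empty`, `allow.hosts` and `filter.methods`; the function name, the default values, the server host `localhost` and the sample Referer values are constructed assumptions.

```python
from urllib.parse import urlsplit

# Simplified model of a referrer-based request filter. This is NOT Sling's
# implementation; the defaults are assumptions chosen to reproduce the 403
# described in the thread.
FILTER_METHODS = {"POST", "PUT", "DELETE"}


def referrer_decision(method, headers, server_hosts, allow_hosts=(), allow_empty=False):
    """Return (status, reason) for a request under the modelled filter."""
    if method.upper() not in FILTER_METHODS:
        return 200, "method not filtered"

    # Header names are case-insensitive.
    hdrs = {k.lower(): v for k, v in headers.items()}
    referer = hdrs.get("referer", "").strip()
    if not referer:
        if allow_empty:
            return 200, "empty referrer allowed"
        return 403, "missing referrer"

    host = urlsplit(referer).hostname
    if host is None:
        return 403, "no host in referrer"

    trusted = {h.lower() for h in server_hosts} | {h.lower() for h in allow_hosts}
    if host.lower() in trusted:
        return 200, "referrer host trusted"
    return 403, "referrer host %r not allowed" % host.lower()


def demo():
    """Run constructed token requests through the model; return the statuses."""
    server = ["localhost"]  # constructed: host names the server answers on
    # Constructed Referer value; the thread does not show what the client sent.
    external = {"Referer": "https://www.getpostman.com/oauth2/callback"}
    cases = [
        ("POST", {}, {}),                                    # no Referer at all
        ("POST", external, {}),                              # external Referer, default config
        ("POST", external, {"allow_hosts": ["www.getpostman.com"]}),
        ("POST", {"Referer": "https://other.example/x"},     # unrelated origin stays blocked
         {"allow_hosts": ["www.getpostman.com"]}),
        ("GET", {}, {}),                                     # reads are not filtered
    ]
    return [referrer_decision(m, h, server, **cfg)[0] for m, h, cfg in cases]


if __name__ == "__main__":
    print(demo())
```

Listing one specific host keeps the check in force for every other origin, whereas allowing empty referrers drops it for any client that omits the header.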