Hyland Connect

freemann_ · ‎04-05-2019

Hi people,

According Oauth2 FLOW https://doc.nuxeo.com/nxdoc/using-oauth2/#requesting-an-access-token-with-a-jwt, I tried to get access token by testing Access Token with a JWT with my Postman but I have some exceptions server side. Here How I declared Oauth2 client serveur side :

Here is My Postman

Here is the server logs

2019-04-05T12:14:44,334 ERROR [https-jsse-nio-0.0.0.0-8443-exec-3] [nuxeo-error-log] javax.servlet.ServletException: java.lang.NullPointerException
	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoRequestControllerFilter.doFilter(NuxeoRequestControllerFilter.java:145)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
	at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
	Caused by: java.lang.NullPointerException
	at org.nuxeo.ecm.platform.oauth2.NuxeoOAuth2Servlet.doPostToken(NuxeoOAuth2Servlet.java:358)
	at org.nuxeo.ecm.platform.oauth2.NuxeoOAuth2Servlet.doPost(NuxeoOAuth2Servlet.java:121)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

Thanks for help

freemann_ · ‎04-05-2019

Hi,

When in my postman I delete parameter grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', I get server side this exception : 2019-04-05T14:11:35,871 WARN [https-jsse-nio-0.0.0.0-8443-exec-7] [org.nuxeo.ecm.platform.oauth2.NuxeoOAuth2Servlet] OAuth2 token request error: OAuth2Error(id=unsupported_grant_type, description=Unknown grant_type: got "null", expecting "authorization_code" or "refresh_token".)

It seems that this type of grant_type urn:ietf:params:oauth:grant-type:jwt-bearer describe in this https://doc.nuxeo.com/nxdoc/using-oauth2/#requesting-an-access-token-with-a-jwt is not supported in nuxeo 10.10 or not implement yet ? I see in code package org.nuxeo.ecm.platform.oauth2 theses constants

public static final String TOKEN_SERVICE = "org.nuxeo.server.token.store";
036
037    public static final String RESPONSE_TYPE_PARAM = "response_type";
038
039    public static final String CODE_RESPONSE_TYPE = "code";
040
041    public static final String SCOPE_PARAM = "scope";
042
043    public static final String STATE_PARAM = "state";
044
045    public static final String CLIENT_ID_PARAM = "client_id";
046
047    public static final String CLIENT_SECRET_PARAM = "client_secret";
048
049    public static final String REDIRECT_URI_PARAM = "redirect_uri";
050
051    public static final String REDIRECT_URL_PARAM = "redirect_url";
052
053    public static final String AUTHORIZATION_CODE_PARAM = "code";
054
055    public static final String REFRESH_TOKEN_PARAM = "refresh_token";
056
057    public static final String GRANT_TYPE_PARAM = "grant_type";
058
059    public static final String AUTHORIZATION_CODE_GRANT_TYPE = "authorization_code";
060
061    public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
062
063    /** --------------------------- PKCE --------------------------- */
064    public static final String CODE_CHALLENGE_PARAM = "code_challenge";
065
066    public static final String CODE_CHALLENGE_METHOD_PARAM = "code_challenge_method";
067
068    public static final String CODE_VERIFIER_PARAM = "code_verifier";
069
070    public static final String CODE_CHALLENGE_METHOD_PLAIN = "plain";
071
072    public static final String CODE_CHALLENGE_METHOD_S256 = "S256";
073
074    public static final List<String> CODE_CHALLENGE_METHODS_SUPPORTED = Arrays.asList(CODE_CHALLENGE_METHOD_PLAIN,
075            CODE_CHALLENGE_METHOD_S256);

No assertion Thanks

Thomas_Roger · ‎04-05-2019

The JWT OAuth2 flow is only supported since 10.10-HF02, not before.

Kevin_Leturc · ‎04-05-2019

Hello,

I saw on your screenhost that the exception came from [here](https://github.com/nuxeo/nuxeo/blob/10.10/nuxeo-features/nuxeo-platform-oauth/src/main/java/org/nuxe... which means that either you don't have set the jwt secret (nuxeo.jwt.secret in nuxeo.conf) or your token is not valid.

I created NXP-27175 to improve error handling.

freemann_ · ‎04-05-2019

Hi Thomas Roger,

I am running HF03.

Thanks

freemann_ · ‎04-05-2019

Hi Kevin Leturc , I have this parameter in my nuxeo.conf nuxeo.jwt.secret=OTQ5YTI3MmI0ZDBmNGV....., So I don't understand why nuxeo not read it ?

Thanks

Kevin_Leturc · ‎04-05-2019

Ok,

freemann_ · ‎04-05-2019

Kevin Leturc ,

In https://github.com/nuxeo/nuxeo/blob/10.10/nuxeo-features/nuxeo-platform-oauth/src/main/java/org/nuxe... I see :

/** @since 11.1 */
public static final String ASSERTION_PARAM = "assertion";

/** @since 11.1 */
public static final String JWT_BEARER_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";

It's a confirmation that the jwt grant_type does not exist in 10.10 or HF02 ?

Kevin_Leturc · ‎04-05-2019

Please use comment feature instead of answer one, it's easier to follow.

freemann_ · ‎04-05-2019

As you can see on my answer to [Thomas Roger](https

Hyland Connect

Requesting-an-access-token-with-a-jwt - SOLVED