[SOLVED] Receive invalid access token when requested from Anypoint Studio (Mulesoft v4)


#1

I’m submitting a…

[ ] Regression (a behavior that stopped working in a new release)
[x] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

When I request an access token from Anypoint Studio v7.3 (Mulesoft v4) the access token I receive returns a 401 when used to make a call to get content. (Also, the token is 10 characters longer then the one I receive when I make the call from Postman.) There are 3 characters that are encoded when sending from Mulesoft including the colon in the client_id. If this was an issue I would expect to not get a token, but instead I receive an invalid token.

Expected behavior

Requesting an access token from Anypoint Studio v7.3 return a valid token that can be used to make further requests.

Minimal reproduction of the problem

calling https://cloud.squidex.io/identity-server/connect/token with content type application/x-www-form-urlencoded and a valid body.

Environment

I’m not sure, I don’t know about the setup of squidex, just how to call the APIs

  • [ ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Browser:
I am not using a browser to access content

  • [ ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:
Is there another way to request a token other than using content-type application/x-www-form-urlencoded?


#2

Can you send me the request that are made with anypoint? Perhaps you are missing an scope or so.


#3

Here is the log from Anypoint. you can piece the call together from the log.

POST /identity-server/connect/token HTTP/1.1
x-correlation-id: 0-a7173660-240a-11e9-967d-364320524153
Host: cloud.squidex.io:443
User-Agent: AHC/1.0
Connection: keep-alive
Accept: /
Content-Type: application/x-www-form-urlencoded
Content-Length: 147

grant_type=client_credentials&client_id=%3A****&client_secret=s1t6dr8sf%2FSiWmGkFVe7cOMpMpTki10xs%3D&scope=squidex-api


#4

Can you send me the example token via PM?


#5

I don’t see how to send a PM


#6

I sent you an message, you can just answer there.


#7

I deployed a fix that should solve your problem, but you have request a new token.


#8

Please confirm if it works or not.


#9

Confirmed via PM …


#10