OAuth Client Credentials flow failing

This topic has 3 replies, 2 voices, and was last updated 3 years, 2 months ago by Peter Major.

  • Author
  • #26546


    I’ve been trying to test the OAuth client credentials grant but unfortunately it’s failing with the below error.

    {“error_description”:”Grant type is not set”,”error”:”invalid_request”}

    Trying this.
    curl -X POST -H “Content-Type:application/x-www-form-urlencoded” -d ‘{“grant_type”:”client_credentials”,”client_id”:”myclient”,”client_secret”:”forgerock”}’ “https://openam.example.com/openam/oauth2/realms/root/realms/sub-realm/access_token”

    Please guide with any help.


     Peter Major

    Should be something more like:

    curl --request POST \
      --url https://openam.dev:443/oauth2/access_token \
      --header 'content-type: application/x-www-form-urlencoded' \
      --header 'x-requested-with: Insomnia' \
      --data grant_type=client_credentials \
      --data client_id=myclient \
      --data client_secret=mysecret

    Thank you peter,

    I tried this but this time it’s failing with below error.
    {“error_description”:”Client authentication failed”,”error”:”invalid_client”}

    Also I’m trying this on AM 6.5 instance.

    what is this header used for –header ‘x-requested-with: Insomnia’ ?


     Peter Major

    Did you use the correct credentials in the request? Obviously client_id and client_secret needs to be correct in the request.

    The X-Requested-With (and/or Accept-API-Version) header is required by most of our REST endpoints to protect against CSRF attacks.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?