Appauth-android: How do we set the client secret in the Token Endpoint Request ?

Created on 26 May 2017  路  3Comments  路  Source: openid/AppAuth-Android

in token endpoint request **
"Authorization code exchange failed invalid_client" error will occur.
i am using in my app Client ID:Client Secret this format. confusion is where i put the Client Secret value?
anyone can help?

Most helpful comment

Due to legacy issue, I need to use client_secret_basic, and am trying to apply to AppAuth-demo-app the method mentioned In the README link https://github.com/openid/AppAuth-Android#utilizing-client-secrets-dangerous, ie.,

  authService.performTokenRequest(req, clientAuth, callback);

However, in current AppAuth-demo-app, the clientAuthentication is now manged by StateManager. It looks that the StateManager will never create ClientSecretBasic for static clients.

By creating a new ClientSecretBasic outside control of StateManager, I am sure that the latest AppAuth-demo-app is able to internally successfully get access-token from authorization code, but its UI eventually comes up with,

"Not Authorized, Authorization Code exchange failed : null"

Would you kindly guide the way to the possible fix ? Thanks very much !

All 3 comments

See this section of the README:

https://github.com/openid/AppAuth-Android#utilizing-client-secrets-dangerous

Due to legacy issue, I need to use client_secret_basic, and am trying to apply to AppAuth-demo-app the method mentioned In the README link https://github.com/openid/AppAuth-Android#utilizing-client-secrets-dangerous, ie.,

  authService.performTokenRequest(req, clientAuth, callback);

However, in current AppAuth-demo-app, the clientAuthentication is now manged by StateManager. It looks that the StateManager will never create ClientSecretBasic for static clients.

By creating a new ClientSecretBasic outside control of StateManager, I am sure that the latest AppAuth-demo-app is able to internally successfully get access-token from authorization code, but its UI eventually comes up with,

"Not Authorized, Authorization Code exchange failed : null"

Would you kindly guide the way to the possible fix ? Thanks very much !

I really need to be able to do this as well. Has anyone come up with sample code on how to use the dangerous client side secret mode?

Was this page helpful?
0 / 5 - 0 ratings