We get a 400 from the oauth2 plugin when I request an oauth token with the client_credentials grant_type.

I configured:

1. X-Forwarded-Proto: https as part of the request header
2. http_if_terminated":true,"https_only":false is set on the API
3. "accept_http_if_already_terminated":true,"
   Kong Version 0.11

The calls to Kong comes through fine. 10.0.2.2 - 05b231778fc848989b7655529df9b534 [10/Oct/2017:02:19:32 +0000] "POST //oauth2/token/ HTTP/1.1" 400 78 "-" "curl/7.52.1"
10.0.2.2 - - [10/Oct/2017:02:19:32 +0000] "GET //health HTTP/1.1" 401 102 "-" "curl/7.52.1"

Is there a option to make the logging more verbose for the oauth2 plugin as the log plugins seem to catch later in the process.
Below are the curl call for the token request, api and plugin configuration of the API.
Would be great if you anyone could give me a hint what I'm doing wrong here.

token request curl

curl -vvv -k http://dev:8000//oauth2/token/ --header "Authorization: Basic MDViMjMxNzc4ZmM4NDg5ODliNzY1NTUyOWRmOWI1MzQ6NDAxNTg4MGQ2YzQ1NGMzMzliYjYzNzU0ZDRkM2VlM2E=" --header "X-Forwarded-Proto: https" --data "grant_type=client_credentials" --data "scope=tourism_dev" --data "provision_key=tourism_dev" --data "authenticated_userid=test2"
EXECUTE TOKEN REQUEST

• Trying 127.0.0.1...
• TCP_NODELAY set
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to dev (127.0.0.1) port 8000 (#0)

POST //oauth2/token/ HTTP/1.1
Host: dev:8000
User-Agent: curl/7.52.1
Accept: /
Authorization: Basic XXX
X-Forwarded-Proto: https
Content-Length: 100
Content-Type: application/x-www-form-urlencoded

} [100 bytes data]

• upload completely sent off: 100 out of 100 bytes
  < HTTP/1.1 400 Bad Request
  < Date: Tue, 10 Oct 2017 02:19:32 GMT
  < Content-Type: application/json; charset=utf-8
  < Transfer-Encoding: chunked
  < Connection: keep-alive
  < Server: kong/0.11.0
  < cache-control: no-store
  < pragma: no-cache
  <
  { [78 bytes data]
• Curl_http_done: called premature == 0
  100 167 0 67 100 100 22543 33647 --:--:-- --:--:-- --:--:-- 97k
• Connection #0 to host dev left intact
  RESPONSE -----
  {"error_description":"You must use HTTPS","error":"access_denied"}

api configuration

curl http://localhost:8001/apis/dev
{"created_at":1507597850000,"strip_uri":true,"id":"14f0ffd8-209d-4df4-8808-fc0e56313f3e","hosts":["dev"],"name":"dev","http_if_terminated":true,"https_only":false,"retries":5,"preserve_host":false,"upstream_connect_timeout":60000,"upstream_read_timeout":60000,"upstream_send_timeout":60000,"upstream_url":"http:\/\/tourism-api.tourism.svc.cluster.local:8088\/api\/"}
eds30880330:product_api_gateway fredschmidt$ curl http://localhost:8001/plugins/oauth2/
{"id":"oauth2 is not a valid uuid"}

plugin configuration:

eds30880330:product_api_gateway fredschmidt$ curl http://localhost:8001/apis/dev/plugins/
{"total":3,"data":[{"created_at":1507597850000,"config":{"token_expiration":7200,"mandatory_scope":true,"hide_credentials":false,"scopes":["tourism_dev"],"enable_implicit_grant":false,"global_credentials":false,"accept_http_if_already_terminated":true,"enable_password_grant":false,"anonymous":"","enable_authorization_code":false,"enable_client_credentials":true,"provision_key":"tourism_dev"},"id":"b05d94b3-5271-4d5b-af9e-063f1a2f6d0b","enabled":true,"api_id":"14f0ffd8-209d-4df4-8808-fc0e56313f3e","name":"oauth2"},{"created_at":1507597850000,"config":{"whitelist":["tourism_dev"]},"id":"fd6cb9df-11cd-491f-baa3-ccd3440167db","enabled":true,"api_id":"14f0ffd8-209d-4df4-8808-fc0e56313f3e","name":"acl"},{"created_at":1507597850000,"config":{"path":"\/tmp\/api_tourism_dev.log","reopen":false},"id":"a81af0bc-1ac0-466a-a1eb-69b74b3f6528","enabled":true,"api_id":"14f0ffd8-209d-4df4-8808-fc0e56313f3e","name":"file-log"}]}