Hi, I am getting the same response while exchanging the authorization code for the access token via the token endpoint. The above solution did not work for me.
I am developing an iOS SDK for authentication and authorization for my organisation.
For API calls I am using Alamofire.
Deployment target is iOS 11.4.
Below are the details for each of my web service calls:
Authn endpoint request:
$ curl -v \
  -X POST \
  -b "proximity_beb48734015c875160c574c2696a4f68=Ej60dXl725NxOJ0C6TgeKyDHKkJMPV4YpgMHAuXzLsKdpa25jeuSBgIgFOwXy5fnoDY3f7BAlTfOtVjAjTuIdf3xsZXAy6NHP9TKbhxZvLa62cYvmQ/X2ARMwV8sJtzwK0CeEwdqanhIwblGYOpcCtRHoqkJqqfWgZnDhqZTwcplCoNNK3FFtVaH53jsqZXY;DT=DI0YLv4MQBGQlusEP4JiLfBCg" \
  -H "Content-Type: application/json" \
  -H "Accept-Language: en;q=1.0" \
  -H "User-Agent: AuthenticationSample/1.0 (PB.AuthenticationSample; build:1; iOS 11.4.0) Alamofire/4.8.0" \
  -H "Accept-Encoding: gzip;q=1.0, compress;q=0.5" \
  -d '{"username":"XXX@XXX.com","password":"somepassword"}' \
  "https://{domain}/api/v1/authn"
Response:
<NSHTTPURLResponse: 0x610000026280> { URL: https://{domain}/api/v1/authn } { Status Code: 200, Headers {
"Cache-Control" = (
"no-cache, no-store"
);
Connection = (
"Keep-Alive"
);
"Content-Encoding" = (
gzip
);
"Content-Type" = (
"application/json;charset=UTF-8"
);
Date = (
"Thu, 03 Jan 2019 07:30:41 GMT"
);
Expires = (
0
);
"Keep-Alive" = (
"timeout=315, max=200"
);
P3P = (
"CP=\"HONK\""
);
Pragma = (
"no-cache"
);
"Public-Key-Pins-Report-Only" = (
"pin-sha256=\"jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc=\"; pin-sha256=\"axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8=\"; pin-sha256=\"SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE=\"; pin-sha256=\"ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw=\"; max-age=60; report-uri=\"https://okta.report-uri.io/r/default/hpkp/reportOnly\""
);
Server = (
nginx
);
"Set-Cookie" = (
"sid=\"\"; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/",
"JSESSIONID=F731CD24B428B6D2ACD6E807E0F50900; Path=/; Secure; HttpOnly"
);
"Strict-Transport-Security" = (
"max-age=315360000"
);
"Transfer-Encoding" = (
Identity
);
Vary = (
"Accept-Encoding"
);
"X-Content-Type-Options" = (
nosniff
);
"X-Okta-Request-Id" = (
XC26IGe1wfLFB5epb2v0BgAAAbQ
);
"X-Rate-Limit-Limit" = (
600
);
"X-Rate-Limit-Remaining" = (
592
);
"X-Rate-Limit-Reset" = (
1546500685
);
} }
Authorize request:
$ curl -v \
  -b "JSESSIONID=F731CD24B428B6D2ACD6E807E0F50900;proximity_beb48734015c875160c574c2696a4f68=Ej60dXl725NxOJ0C6TgeKyDHKkJMPV4YpgMHAuXzLsKdpa25jeuSBgIgFOwXy5fnoDY3f7BAlTfOtVjAjTuIdf3xsZXAy6NHP9TKbhxZvLa62cYvmQ/X2ARMwV8sJtzwK0CeEwdqanhIwblGYOpcCtRHoqkJqqfWgZnDhqZTwcplCoNNK3FFtVaH53jsqZXY;DT=DI0YLv4MQBGQlusEP4JiLfBCg" \
  -H "Accept-Language: en;q=1.0" \
  -H 'Set-Cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/, JSESSIONID=F731CD24B428B6D2ACD6E807E0F50900; Path=/; Secure; HttpOnly' \
  -H "User-Agent: AuthenticationSample/1.0 (PB.AuthenticationSample; build:1; iOS 11.4.0) Alamofire/4.8.0" \
  -H "Accept-Encoding: gzip;q=1.0, compress;q=0.5" \
  "https://{domain}/oauth2/v1/authorize?state=staticState&prompt=none&response_type=code&redirect_uri={redirect_uri}&client_id={client_id}&nonce=staticNonce&sessionToken={session_token}&response_mode=query&scope=openid%20offline_access"
Response:
<NSHTTPURLResponse: 0x610000026bc0> { URL: https://{domain}/oauth2/v1/authorize?state=staticState&prompt=none&response_type=code&redirect_uri={redirect_uri}&client_id={client_id}&nonce=staticNonce&sessionToken={token}&response_mode=query&scope=openid%20offline_access } { Status Code: 302, Headers {
"Cache-Control" = (
"no-cache, no-store"
);
Connection = (
"Keep-Alive"
);
"Content-Language" = (
en
);
"Content-Length" = (
0
);
Date = (
"Thu, 03 Jan 2019 07:32:47 GMT"
);
Expires = (
0
);
"Keep-Alive" = (
"timeout=315, max=200"
);
Location = (
"{redirect_uri}?code=3-AIN-UcpzYa3SRAacOn&state=staticState"
);
P3P = (
"CP=\"HONK\""
);
Pragma = (
"no-cache"
);
"Public-Key-Pins-Report-Only" = (
"pin-sha256=\"jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc=\"; pin-sha256=\"axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8=\"; pin-sha256=\"SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE=\"; pin-sha256=\"ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw=\"; max-age=60; report-uri=\"https://okta.report-uri.io/r/default/hpkp/reportOnly\""
);
"Referrer-Policy" = (
"no-referrer"
);
Server = (
nginx
);
"Set-Cookie" = (
"JSESSIONID=1CEF91CF00FBF32F8C9689E5151471DC; Path=/; Secure; HttpOnly",
"t=purple; Path=/",
"sid=102F6NMOZE7RPqPgokAREnKIQ; Path=/; Secure",
"proximity_beb48734015c875160c574c2696a4f68=Ej60dXl725NxOJ0C6TgeKyDHKkJMPV4YpgMHAuXzLsKdpa25jeuSBgIgFOwXy5fnoDY3f7BAlTfOtVjAjTuIdf3xsZXAy6NHP9TKbhxZvLa62cYvmQ/X2ARMwV8sJtzwK0CeEwdqanhIwblGYOpcCtRHoqkJqqfWgZnDhqZTwcplCoNNK3FFtVaH53jsqZXY; Expires=Fri, 03-Jan-2020 07:32:47 GMT; Path=/; Secure"
);
"Strict-Transport-Security" = (
"max-age=315360000"
);
"X-Okta-Request-Id" = (
XC26n56CNkxxHLh8fMVtLQAAAbk
);
"X-Rate-Limit-Limit" = (
40
);
"X-Rate-Limit-Remaining" = (
39
);
"X-Rate-Limit-Reset" = (
1546500777
);
"X-Robots-Tag" = (
none
);
} }
Access token request:
$ curl -v \
  -X POST \
  -b "JSESSIONID=1CEF91CF00FBF32F8C9689E5151471DC;proximity_beb48734015c875160c574c2696a4f68=Ej60dXl725NxOJ0C6TgeKyDHKkJMPV4YpgMHAuXzLsKdpa25jeuSBgIgFOwXy5fnoDY3f7BAlTfOtVjAjTuIdf3xsZXAy6NHP9TKbhxZvLa62cYvmQ/X2ARMwV8sJtzwK0CeEwdqanhIwblGYOpcCtRHoqkJqqfWgZnDhqZTwcplCoNNK3FFtVaH53jsqZXY;sid=102F6NMOZE7RPqPgokAREnKIQ;t=purple;DT=DI0YLv4MQBGQlusEP4JiLfBCg" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept-Language: en;q=1.0" \
  -H 'Set-Cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/, JSESSIONID=F731CD24B428B6D2ACD6E807E0F50900; Path=/; Secure; HttpOnly' \
  -H "User-Agent: AuthenticationSample/1.0 (PB.AuthenticationSample; build:1; iOS 11.4.0) Alamofire/4.8.0" \
  -H "Accept-Encoding: gzip;q=1.0, compress;q=0.5" \
  -d "grant_type=authorization_code&client_secret={client_secret}&scope=openid%20offline_access&redirect_uri={redirect_uri}&code=3-AIN-UcpzYa3SRAacOn&client_id={client_id}" \
  "https://{domain}/oauth2/v1/token"
Response:
<NSHTTPURLResponse: 0x608000027d00> { URL: https://{domain}/oauth2/v1/token } { Status Code: 403, Headers {
Connection = (
"Keep-Alive"
);
"Content-Length" = (
0
);
Date = (
"Thu, 03 Jan 2019 07:37:55 GMT"
);
"Keep-Alive" = (
"timeout=315, max=200"
);
P3P = (
"CP=\"HONK\""
);
"Public-Key-Pins-Report-Only" = (
"pin-sha256=\"jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc=\"; pin-sha256=\"axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8=\"; pin-sha256=\"SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE=\"; pin-sha256=\"ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw=\"; max-age=60; report-uri=\"https://okta.report-uri.io/r/default/hpkp/reportOnly\""
);
Server = (
nginx
);
"X-Okta-Request-Id" = (
"XC270yR-OwFvj3AWjXWOgQAAA5E"
);
"X-Rate-Limit-Limit" = (
40
);
"X-Rate-Limit-Remaining" = (
39
);
"X-Rate-Limit-Reset" = (
1546501085
);
} }
I have tried many different things on this but nothing worked.
The same thing works in Postman, and also for the Android developers in my team.
Need urgent help.
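The three-step exchange shown in the post (primary authentication, /oauth2/v1/authorize with a sessionToken, then /oauth2/v1/token), as an added example that is not part of the original post and is not Okta's or Alamofire's code. It is written in Python rather than Swift so it runs without an iOS toolchain, and it runs offline against a constructed Location value shaped like the 302 above. It differs from the posted requests in the ways a practitioner would normally change a native-app client: a PKCE code_verifier/code_challenge (RFC 7636, S256) replaces the client_secret in the token request, random state and nonce values replace the static ones, the authorization code is read out of the 302 Location header with the state compared and an OAuth error response (prompt=none can yield one) surfaced instead of silently producing no code, and the token request carries only the form body with no cookies and no Set-Cookie request header. DOMAIN, CLIENT_ID, REDIRECT_URI, the session token string and all function names are assumptions for the example, not the poster's tenant or values.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders for this example; not the poster's tenant, client or redirect URI.
DOMAIN = "example.okta.com"
CLIENT_ID = "0oaexampleclientid"
REDIRECT_URI = "com.example.app:/callback"


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) for the S256 method.

    A fresh 32-byte random verifier (43 chars, inside the 43..128 range) is
    generated unless one is supplied; the test supplies the RFC 7636 vector.
    """
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(session_token: str, state: str, nonce: str, code_challenge: str,
                        domain: str = DOMAIN, client_id: str = CLIENT_ID,
                        redirect_uri: str = REDIRECT_URI) -> str:
    """Authorize URL for the sessionToken flow.

    The HTTP client must NOT follow redirects here: the code is only in the 302
    Location header, and a client that follows a redirect to a custom-scheme
    redirect URI never hands that header back to the caller.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "response_mode": "query",
        "scope": "openid offline_access",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "prompt": "none",
        "sessionToken": session_token,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"https://{domain}/oauth2/v1/authorize?" + urlencode(params)


def extract_code(location: str, expected_state: str) -> str:
    """Pull the authorization code out of a 302 Location header.

    Raises RuntimeError on an OAuth error response (e.g. login_required when
    prompt=none cannot be satisfied) and ValueError when the echoed state does
    not match the one this client generated for the request.
    """
    query = parse_qs(urlsplit(location).query)
    if "error" in query:
        desc = query.get("error_description", [""])[0]
        raise RuntimeError(f"authorize failed: {query['error'][0]}: {desc}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    return query["code"][0]


def build_token_request(code: str, code_verifier: str, domain: str = DOMAIN,
                        client_id: str = CLIENT_ID, redirect_uri: str = REDIRECT_URI) -> dict:
    """Token request for a public (PKCE) client: form body only, no client_secret,
    no Cookie header and no Set-Cookie request header."""
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    })
    return {
        "method": "POST",
        "url": f"https://{domain}/oauth2/v1/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded",
                    "Accept": "application/json"},
        "body": body,
    }


def run_offline_demo() -> dict:
    """Walk the flow against a constructed Location header instead of a live tenant."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    authorize_url = build_authorize_url("00sessionTokenFromAuthn", state, nonce, challenge)
    # Constructed stand-in for the 302 Location header in the post (code value copied from it).
    location = f"{REDIRECT_URI}?code=3-AIN-UcpzYa3SRAacOn&state={state}"
    code = extract_code(location, state)
    return {"authorize_url": authorize_url, "token_request": build_token_request(code, verifier)}


if __name__ == "__main__":
    print(run_offline_demo())
```

To use this against a real tenant, send the authorize URL with redirect following disabled and pass the Location header to extract_code; store the code_verifier with the state for the lifetime of that one request and discard both afterwards.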