
My question is similar to this question that did not accept an answer: Problems using node-restify-oauth2-mongodb

However, mine is a little different in that my clientKeys collection is named correctly, or at least I think so.

When I go into my mongo instance and look at my collections I have:

clientkeys
users

When I look at what is in those collections I see:

> db.clientkeys.find().pretty()
{
    "_id" : ObjectId("51c6e846ede91c0b8600005e"),
    "clientName" : "Test Client",
    "client" : "test",
    "secret" : "password"
}

> db.users.find().pretty()
{
    "_id" : ObjectId("543d7b974f1870f131c6d0aa"),
    "name" : "Test",
    "email" : "test@test.com",
    "username" : "tester1",
    "hashed_password" : "$2a$10$gpMXyCuILBbMF2K6Aroc7.lKoIpuGhvL98ZGGoE0tEOtYSQaCpMde",
    "role" : "Admin",
    "__v" : 0
}

I followed the directions in the repo: https://github.com/rgallagher27/node-restify-oauth2-mongodb

So I run this:

curl --data "name=Test&email=test@test.com&username=tester1&password=testing27&vPassword=testing27&role=Admin" http://localhost:8090/register

It responds the way he says, like this:

{
    "__v":0,
    "name":"Test",
    "email":"test@test.com",
    "username":"tester1",
    "hashed_password":"$2a$10$3uwD9IiKVlkQJvdQXqm07uQnfcXae3AGjDh.zil8.8CgtlQ2MuACK",
    "_id":"520774753472d74e2c000001",
    "role":"Admin"
}

Then I run the following command:

curl --user test:password --data grant_type=password --data username=tester1 --data password=testing27 http://localhost:8090/token

This however returns:

{
    "error":"invalid_client",
    "error_description":"Client ID and secret did not validate."
}

I can't quite figure out what I am missing. Unless I am using the wrong collection name for my clientkeys but I don't think I am.

Thank you for any help you can provide!

gmaniac
  • I looked through and it looked like the collection should be called `ClientKey` based on this line in `hooks.js`. `var Client = mongoose.model('ClientKey');` I changed my collection in mongo and that still didn't work. Any help would be appreciated, thanks! – gmaniac Oct 15 '14 at 15:05

2 Answers

I used the same code and it works. I think you didn't insert the entry correctly for model ClientKey; that's clear from the feedback message.

It should be:

db.clientkeys.insert({  
   clientName:"Test Client",
   client:"test",
   secret:"password"
})

Note the name of the collection is clientkeys, not ClientKey nor ClientKeys. It should follow the module name + s.

Maher Abuthraa

So after walking through the process, I found that in hooks.js they are receiving the wrong params for validateClient (line 35) and grantUserToken (line 52).

Here is what you will need to change to make this app work.

line 35

exports.validateClient = function (clientId, clientSecret, cb)

to

exports.validateClient = function (clientCredentials, req, cb)

line 39

Client.findOne({ client: clientId, secret: clientSecret }, function (err, client) {

to

Client.findOne({ client: clientCredentials.clientId, secret: clientCredentials.clientSecret }, function (err, client) {

line 52

exports.grantUserToken = function (username, password, cb)

to

exports.grantUserToken = function (allCredentials, req, cb)

line 54

var query = User.where( 'username', new RegExp('^' + username + '$', 'i') );

to

var query = User.where( 'username', new RegExp('^' + allCredentials.username + '$', 'i') );

line 61

} else if (user.authenticate(password)) {

to

} else if (user.authenticate(allCredentials.password)) {

lines 65 and 66

var token       = generateToken(username + ":" + password);
var newToken    = new Token({ username: username, token: token });

to

var token       = generateToken(allCredentials.username + ":" + allCredentials.password);
var newToken    = new Token({ username: allCredentials.username, token: token });

line 70

redisClient.set(token, username);

to

redisClient.set(token, allCredentials.username);

Hope this helps someone and let me know if anyone else has a better solution. This worked for me.

Now when I run this

curl --user test:password --data grant_type=password --data username=tester1 --data password=testing27 http://localhost:8090/token

This is my response

{
    "access_token":"S7QEwABRiv6HCSaXy70mUlxY7i/Un/EcgWpvbrBhXlw=",
    "token_type":"Bearer"
}

Now for the secret routes, still in hooks.js, change line 80

exports.authenticateToken = function (token, cb)

to

exports.authenticateToken = function (token, req, cb)

If you run this command

curl -H "Authorization:Bearer Your-Bearer-Token" http://localhost:8090/secret

Your response will be

{
    "message":"Success"
}

Happy coding!

gmaniac
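
The hook signatures from the answer above, gathered into one runnable sketch (an added example, not code from the post or from the node-restify-oauth2-mongodb repo). The in-memory stores, the scrypt password hash, the random token and the callback results (`true`/`false`/token, `req.username`) are assumptions. It goes beyond the posted fix by escaping the username before building the `RegExp` and by comparing secrets in constant time.

```javascript
// Added example: hooks with the (credentials, req, cb) signatures from the answer above.
const nodeCrypto = require('crypto');

// Constructed in-memory stand-ins for the clientkeys/users collections and Redis.
const hashPw = (pw, salt) => nodeCrypto.scryptSync(String(pw), salt, 32);
const salt = nodeCrypto.randomBytes(16);
const clients = [{ client: 'test', secret: 'password' }];
const users = [{ username: 'tester1', salt, hash: hashPw('testing27', salt) }];
const tokens = new Map();

// Escape regex metacharacters so the submitted username is matched literally.
function escapeRegExp(s) {
  return String(s).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hash both sides to equal length, then compare in constant time.
function sameSecret(a, b) {
  const h = (v) => nodeCrypto.createHash('sha256').update(String(v)).digest();
  return nodeCrypto.timingSafeEqual(h(a), h(b));
}

function validateClient(clientCredentials, req, cb) {
  const c = clients.find((x) => x.client === clientCredentials.clientId);
  // Assumed callback convention: cb(err, true|false).
  cb(null, Boolean(c) && sameSecret(c.secret, clientCredentials.clientSecret));
}

function grantUserToken(allCredentials, req, cb) {
  // Same case-insensitive lookup as hooks.js, but 'tester.' no longer matches 'tester1'.
  const re = new RegExp('^' + escapeRegExp(allCredentials.username) + '$', 'i');
  const user = users.find((u) => re.test(u.username));
  const ok = user &&
    nodeCrypto.timingSafeEqual(hashPw(allCredentials.password, user.salt), user.hash);
  if (!ok) return cb(null, false); // assumed convention: false means "no token"
  // Swapped in: a random token instead of one derived from username and password.
  const token = nodeCrypto.randomBytes(32).toString('base64');
  tokens.set(token, user.username);
  cb(null, token);
}

function authenticateToken(token, req, cb) {
  if (!tokens.has(token)) return cb(null, false);
  req.username = tokens.get(token); // assumed: the hook records the user on req
  cb(null, true);
}
```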