Where do I configure the client_id and client_secret for REST webservices?

Former Member
0 Kudos

As described here: https://wiki.hybris.com/display/release5/OAuth+2.0 a call to the oauth token endpoint looks like this:

    // Password-grant request to the OAuth token endpoint (form-encoded body, no stray spaces)
    res = tokenURL.post(deadline: 30, payload:"client_id=${client_id}&client_secret=${client_secret}&grant_type=password&username=${username}&password=${password}".getBytes())

But where do I configure my client_id and client_secret? With bogus values I get:

{ "errors": [ { "type": "BadClientCredentialsError", "message": "Bad client credentials" } ] }

Accepted Solutions (1)

christoph_probst
Active Participant
0 Kudos

You can find the configuration in your extension under web/webroot/WEB-INF/config/common/security-spring.xml. There is a block where the secret is specified. By default client_secret is secret and you can use mobile_android for client_id. The configuration block looks like:

         <oauth:client-details-service id="clientDetails">
             <oauth:client client-id="client-side" resource-ids="hybris" scope="basic" authorized-grant-types="implicit,client_credentials"
                 authorities="ROLE_CLIENT" secret="secret" redirect-uri="http://localhost:9001/rest/oauth2_implicit_callback" />
             <oauth:client client-id="mobile_android" resource-ids="hybris" scope="basic"
                 authorized-grant-types="authorization_code,refresh_token,password,client_credentials" authorities="ROLE_CLIENT" secret="secret"
                 redirect-uri="http://localhost:9001/rest/oauth2_callback" />
             <oauth:client client-id="trusted_client" resource-ids="hybris" scope="extended"
                 authorized-grant-types="authorization_code,refresh_token,password,client_credentials" authorities="ROLE_TRUSTED_CLIENT"
                 secret="secret" />
         </oauth:client-details-service>
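
An added example, not part of the original answer or of hybris itself: a small Python audit of the `security-spring.xml` client block that flags clients still using the default `secret`, the password grant, or a localhost redirect URI. The sample XML is constructed from the block above; the `<beans>` wrapper and the `erp_sync` client are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two clients from the block quoted above, wrapped in a
# <beans> root that declares the Spring Security OAuth2 namespace, plus one
# hypothetical client ("erp_sync") with a non-default secret.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2">
  <oauth:client-details-service id="clientDetails">
    <oauth:client client-id="mobile_android" resource-ids="hybris" scope="basic"
        authorized-grant-types="authorization_code,refresh_token,password,client_credentials"
        authorities="ROLE_CLIENT" secret="secret"
        redirect-uri="http://localhost:9001/rest/oauth2_callback" />
    <oauth:client client-id="trusted_client" resource-ids="hybris" scope="extended"
        authorized-grant-types="authorization_code,refresh_token,password,client_credentials"
        authorities="ROLE_TRUSTED_CLIENT" secret="secret" />
    <oauth:client client-id="erp_sync" resource-ids="hybris" scope="basic"
        authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
        secret="constructed-Long-Random-Value-7f3a9c" />
  </oauth:client-details-service>
</beans>"""

DEFAULT_SECRETS = {"secret"}  # the shipped default named in the answer


def audit_clients(xml_text):
    """Return {client_id: [findings]} for each <oauth:client> with a finding."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        # Match on local name so the check does not depend on the prefix used.
        if el.tag.rsplit("}", 1)[-1] != "client":
            continue
        findings = []
        if el.get("secret", "") in DEFAULT_SECRETS:
            findings.append("default secret")
        grants = {g.strip() for g in el.get("authorized-grant-types", "").split(",")}
        if "password" in grants:
            findings.append("password grant enabled")
        if "localhost" in el.get("redirect-uri", ""):
            findings.append("localhost redirect-uri")
        if findings:
            report[el.get("client-id")] = findings
    return report


if __name__ == "__main__":
    for client, findings in audit_clients(SAMPLE).items():
        print(f"{client}: {', '.join(findings)}")
```
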
Former Member
0 Kudos

Do I need to restart the hybris server after this change, or init, or anything? Or is it something accepted at runtime?

Answers (2)

0 Kudos

Hi, it's been changed in Hybris 6.x. You can write an impex or use backoffice to configure them.

You can check [here][1].

Impex example:

 INSERT_UPDATE OAuthClientDetails;clientId[unique=true]    ;resourceIds       ;scope        ;authorizedGrantTypes                                            ;authorities             ;clientSecret    ;registeredRedirectUri
                                 ;client-side              ;hybris            ;basic        ;implicit,client_credentials                                     ;ROLE_CLIENT             ;secret          ;http://localhost:9001/authorizationserver/oauth2_implicit_callback;
                                 ;mobile_android           ;hybris            ;basic        ;authorization_code,refresh_token,password,client_credentials    ;ROLE_CLIENT             ;secret          ;http://localhost:9001/authorizationserver/oauth2_callback;

Regards,

[1]: https://help.hybris.com/6.4.0/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html

Former Member
0 Kudos

Thanks for sharing.

Former Member
0 Kudos

/hybris/bin/ext-template/ycommercewebservices/web/webroot/WEB-INF/config/security-spring.xml