Client authentication failed

The first attempt of sending this Password Credentials Grant Request via curl was successful:

curl -X POST -d "grant_type=password&username=username&password=test&client_id=farm&scope=farm_manager" http://localhost/oauth/token

But after expiry of token and subsequent attempts to re-run the above request is failing and gives this result:

{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}

What must be done to get the same result like the first result?

PS the URL, Username and Password are not the actual values provided

Source from: Authentication | farmOS

Thanks!

Hi @farm welcome to the forum!

What happens if you run the same curl command multiple times? When I try that it works and gives me a new access_token and refresh_token each time.

If I look in the oauth2_token table in the database, I see all of these tokens.

I am not getting the invalid_client error that you described the second time that I run the curl command. Are you? Or is it only happening after the token expires? I will wait an hour and run it again to see if I get that error, but I wouldn’t expect to because it shouldn’t matter. It always just creates a new set of tokens.

The invalid_client error generally means that the client_id=farm parameter is incorrect. Or that the default farm client has been misconfigured. Have you touched any of the “Consumers” configuration for that client in the farmOS UI?

1 Like

Same result after the tokens expired.

I changed the settings of Farm consumer entity because it is giving

{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}

These are the current settings in the photos:


Do I need a redirect URI? I also added a New Secret. Not sure how to remove the Secret. I can login in the web GUI with the username and password I provided there in the curl command so I provided the right username and password to the curl command.

When the farm_api module gets installed, it creates the default farm consumer here: farmOS/farm_api.install at 0093d48b84a88aa5402404331051807ed12e3cc2 · farmOS/farmOS · GitHub

Refer to that to undo all the changes you made. The default farm client is intended only for simple API usage (eg: from a Python script), and you shouldn’t need to modify the default configuration.

If you want to do more than that, I would recommend creating a new consumer with a different client_id and configuration. farmOS uses the Consumers and Simple OAuth (v5.x) Drupal modules for OAuth2. Those modules offer a lot of flexibility, but they require a bit deeper understanding to use correctly.

If you want to start fresh, you can delete the default consumer, uninstall the farm_api module, and then reinstall it. That will run the code I linked to above again to recreate the default consumer.

Is there a reference in the docs to do the uninstall and reinstall of the farm_api module?

Adding to what I said earlier. I found a refresh_token record in the farm1_oauth2_token table. Not sure if that’s the reason why I am having this invalid_client error

Is this the one that needs to be uninstalled and reinstalled?

I can’t uninstall farm_api because of this:

farmOS API Provides configuration for the farmOS API.
The following reason prevents farmOS API from being uninstalled:

  • Required by: farm_fieldkit

Yes that’s the one.

Required by: farm_fieldkit

This module probably isn’t installed so it doesn’t matter.