Forums | Back to Concur Developer Center

Oauth2 access token with Client Credentials grant


#1

Hello,

i’m trying to get Auth token based on Oauth2 Client Credentials grant type, and it seems that Concur is constantly reporting invalid client. I checked my credentials 10 times, all good, but still no success.

Postman screenshot is here:

When i try with old (pre 2017 depreciated) OAuth flow, i successfully get token but then when i try to use it i constantly get

IDX10708: ‘System.IdentityModel.Tokens.JwtSecurityTokenHandler’ cannot read this string: ‘0_iNIuqQfcm1lVK442hRAp6q3EU=’.
The string needs to be in compact JSON format, which is of the form: ’
.
.
<OPTIONAL, Base64UrlEncodedSignature>’.

2019-01-28T07:21:58
1AE2346E-B9F5-4271-AEDD-D0A15D17A75C

I use only header with “Authorization” : “Bearer 0_XXXxxXXXxxxXXX=”
Can anyone help me understand what is going on with API ?

Regards,
Marko


#2

Hello,

It looks like you’re missing necessary Key-Value pairings from your screenshot.

You need to have all of the following:

  • client_id // issued to you via Concur Web Services team
  • client_secret // issued to you via Concur Web Services team
  • grant_type // Set this equal to the word “password
  • username // user with Web Services Admin permission
  • password // password of Web Services Admin
  • credtype // Set this equal to the word “password

#3

Thank you very much @mike1!

I understood from API documentations, that for client_credentials grant type we don’t need specific user, but rather we can obtain token and call API on behalf of Company.

I found it here, under section Client Credentials grant:
https://developer.concur.com/api-reference/authentication/apidoc.html#client_credentials

Do you maybe know is it possible to use this grant flow, and avoid using direct user and password?

Regards!
Marko


#4

Hi @marko.bejat,

I just made a request using the client_credentials, and it returned a token successfully.

I would look at 2 things…

  1. Is your instance definitely in the European data center?
  2. I have 3 Headers, and I notice you have only 1. Try adding the following Headers: “Content-Type”, “Host”, and “Connection”


#5

Thank you @mike1! I really appreciate your help!

I just did test, and still no success unfortunately :frowning:
neither with us.api.concursolutions.com neither with emea.api.concursolutions.com

Have you used set-up like this:


Or maybe some additional fields in request Body?

Thank you in advance!


#6

@marko.bejat,
I think the next step at this point would be to open a web services ticket with Concur support.
If your instance recently when through any major changes (i.e. turned on SSO, was refreshed, etc.), this may be the cause that the web services credentials to be wiped out.