Hello All,
I have having noodle Shaker today where with Postman I can connect to the APIs in the Sandbox ok but when I try in production i am getting the below. error. All the setting are the same for the accounts between environments.
Never had this one happen in a different system when all is the same as such with IDN. maybe Whitelist in the network or something?
Unable to authenticate: {“error”:“invalid_client”,“error_description”:“Bad client credentials”}
Hi @andrew_deligio,
Welcome to the SailPoint Developer Community !
What do you mean by saying “ll the setting are the same for the accounts between environments.” ?
Do you use differents credentials per environnement ?
Hello Andrew,
Make sure you are using a Personal Access Token in your production environment with the right scopes. Try using scope: sp:scopes:all on your PAT and see if it works.
So, for each environment there is a different set of Keys and Client ID. What I mean is everything as in scope is the same but for the URL, Client ID and secret since its two different environments.
The logs have not been as helpful as I thought but for the error message. Not sure where to run a deeper trace i guess would help too
yes, as well i am using all scope. Again, it works fine for Dev but when i do the same for Prod i am getting this back from the applications. Thinking it must be a block on the Network side of the client but not sure as this is the first time i have seen this and its pretty straight forward.
Hi Andrew,
From the error it seems to issue with the client credentials. Can you try generating token from your local machine where there are no restriction for accessing the internet to rule out bad client credential issue
Thank
Did it a bunch of times with both applications Its my first time on this project with no documentation sadly what was done before me. I may have to have them open a support ticket as see if they are nice enough to help debug. My worries are if i do this with actually applications it will break as well for production.
I had to create a Global API key instead of PAT to get it to work with Postman. The plug in for VS code though does not like that and expects to be a PAT which i am still looking into
You need to have a PAT if there is any api which requires a User Context. But for generating toekn the Global API should work not sure why it is giving the error to you. But please try using PAT to see if it fixes the issue
As others have stated, you cannot use the same PAT you generated for your sandbox environment in your prod environment. You must generate a new PAT in your prod environment and make sure that it is properly setup in your postman collection in order to access your production APIs.
I got a similar issue. It happens for both my sandbox PAT and prod PAT (of course, the url is different).
Taking the sandbox env for example. I have confirmed that I’m using the PAT generated from my account (with client id and secret), and the curl is correct as well. But I still get
the following when hit the /oauth/token endpoint,
{"error":"invalid_client","error_description":"Bad client credentials"}
I login to our sandbox ui through sso with PingOne, will that be an issue of using the PAT to retrieve access token?
Since my account is an admin user, I’ve also tried generate the client_id and secret from Admin → Global → Security Settings → API Management, and create a new api client from there. The client id and secret created using this approach worked when retrieving the access token using the exact the same endpoint, same approach.
So it’s clear that the endpoint is correct, but why my PAT generates me the invalid_client error? What could be wrong here? How identitynow on backend is verifying the client_id?
Btw, the below is how I made the call to retrieve access token for sandbox env
curl --location 'https://{tenant}-sb.api.identitynow.com/oauth/token' \
--form 'grant_type="client_credentials"' \
--form 'client_id="{clientId}"' \
--form 'client_secret="{clientSecret}"'
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.