"Failed to obtain access token" callback message when testing the Oauth V2 authorization mechanism


(Michael Raymund Espinosa) #1

Hello Guys,

I have been trying to create a standard Oauth v2 authorization mechanism, but I can’t get it to work properly.

When testing the authorization, Kore.ai was able to open the authorization URL in a new window, and I was able to enter the username and password normally. However, during the callback redirect I get a " failed to obtain access token" error.

oauth2_error

Full URL looks like this (I removed the actual state and code values) :
https://idp.kore.com/workflows/callback?session_state=some_session_state&code=some_session_code

Note that the code parameter is part of the callback URL, and I assume that this will be used to obtain the access token from the token endpoint url. Lastly, our identity platform is compliant with the standard oauth2 flow, so I am not sure what went wrong here.

If you guys need more information, don’t hesitate to ask me.

-Mike


(Vijay Thakkar) #2

I am also facing same issue with our Outh V2. I used code and tested token request using SoapUI, it’s working fine. Issue is at KORE.AI.

Occasionally I am getting below and mostly Failed to Obtain access token.

BadRequest-Cannot read property ‘idp’ of undefined


(Swagat) #3

@vijay.thakkar, @michaelraymund.espin,

Which system(s) are you trying to integrate with?
We hope the auth and token URL provided are fine.
We tested two of our sample bots - github and asana and OAuth2 is working fine for both.

Note - in case you do not have any tenancy URL, select no under subdomain.
For github sample bot, here are the key settings
image
image
image

The client ID and secret from github was copied into the Global environment variables as describe in the screenshot.

For the
BadRequest-Cannot read property ‘idp’ of undefined
error, it usually happens due to wrong callback URL.

Hope this helps.


(Vijay Thakkar) #4

For me, now issue of ‘idp’ read property issue is gone and I am now not getting not able to get access token. Attaching screenshots

Also noticed callback URL is different for me than yours in screenshots of github.

Kore_Pic3

Kore_Pic1 Kore_Pic2


(Vijay Thakkar) #5

I created account on https://bots.kore.ai/, and created bot there and tested with new authorization and there also after I changed my callback URL to https://idp.kore.com/workflows/callback

Issue still exists, no matter what.

I am trying to integrate with our company’s SSO which is Oauth 2 level.

I tested my configuration using SoapUI, it’s working fine.


(Michael Raymund Espinosa) #6

Hello @swagata.sengupta

Thanks for the inputs!

I also dug a bit deeper into this problem and I wanted to share my findings.

First, I wanted to see what payload Kore was sending to the token URL, so I created a dummy token URL API so that I can observe the incoming requests. It seems that the correct payload is indeed being sent.

(Note that I generated new client ids, secrets and users so that I can share it in this forum)
image

Second, I tried to forward this request to our real token URL, just to see what the response was. To my surprise, the request went through!

image

Thus, for now, I have a workaround :). However, I still have no clue why Kore can’t use OAUTH2 directly to our identity platform. Additionally, this platform is being maintained by a separate team on the other side of the world – hence I have no way to get the error response from the logs.

If someone from Kore wants to replicate this, I can post the oauth2 details here. I will also report this issue to our team that maintains our identity platform.

@vijay.thakkar - If you don’t have access to your identity platform logs, you can follow what I did. First, use a dummy token URL just to check the incoming request. Then, you can then forward it to the real token URL to see what the real server response is. Kore only shows a generic “Failed to obtain access token” message, hence it is hard to get the real error response from the identity platform.