Resolution: Cannot Reproduce
Affects Version/s: 188.8.131.52
Fix Version/s: None
When mTLS authentication is used for OAuth2 clients and the wrong certificate is presented (for example Cert B for Client A, or Cert A for Client B), AM returns an invalid_grant error instead of invalid_client.
1. Create a certificate and convert it to PEM:
   - keytool -genkeypair -alias mtls_one -keyalg RSA -keystore ~/mtls_keystore.p12 -storetype PKCS12 (when prompted, the first and last name, i.e. the CN, should match the client ID to be registered in AM, e.g. myClientOne)
   - openssl pkcs12 -in ~/mtls_keystore.p12 -out myClientOne.pem
2. Create the OAuth2 client myClientOne, set its authentication method to self_signed_tls_client_auth, set mTLS Self-Signed Certificate to the certificate block from myClientOne.pem and set Public Key Selector to X509.
3. Repeat steps 1 and 2 to create a certificate and register the OAuth2 client myClientTwo.
4. Configure the OAuth2 Provider and set Trusted TLS Client Certificate Header to myCert.
5. Authenticate as the demo user.
6. Use the session from the previous step to make the authorize call and obtain an authorization code for myClientOne.
7. Use the authorization code from the previous step to request an access token, adding the header myCert with the certificate for myClientTwo as its value.
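The error ordering the report expects, as an added Python model (not AM's code and not part of this issue): the token endpoint settles client authentication before it looks at the grant, so a mismatched certificate yields invalid_client rather than invalid_grant. The PEM blocks, the client registry, the authorization-code store and the thumbprint comparison are constructed assumptions standing in for AM's configuration.

```python
import base64
import hashlib
import hmac

def pem_block(label):
    """Build a constructed PEM 'certificate' from a label. Not a real X.509 cert:
    the check below only hashes the DER bytes, so any base64 body serves the demo."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

CERT_ONE_PEM = pem_block("constructed cert, CN=myClientOne")
CERT_TWO_PEM = pem_block("constructed cert, CN=myClientTwo")

def thumbprint(pem):
    """SHA-256 hex digest over the DER bytes of the first CERTIFICATE block."""
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END CERTIFICATE-----")[0]
    return hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()

# Hypothetical registry mirroring the two clients configured in the steps above.
CLIENTS = {
    "myClientOne": {"auth_method": "self_signed_tls_client_auth", "cert": thumbprint(CERT_ONE_PEM)},
    "myClientTwo": {"auth_method": "self_signed_tls_client_auth", "cert": thumbprint(CERT_TWO_PEM)},
}
# Hypothetical store of issued authorization codes: code -> client it was issued to.
AUTH_CODES = {"code-for-one": "myClientOne"}

def token_request(client_id, code, headers):
    """Token endpoint decision order (RFC 6749 section 5.2): authenticate the
    client first, so a certificate mismatch yields invalid_client; only a
    client that authenticated can go on to fail with invalid_grant."""
    client = CLIENTS.get(client_id)
    # 'myCert' is the Trusted TLS Client Certificate Header from the report; a
    # deployment must ensure only the TLS-terminating proxy can set it.
    presented = headers.get("myCert")
    if client is None or presented is None:
        return {"error": "invalid_client"}
    if client["auth_method"] == "self_signed_tls_client_auth":
        # RFC 8705 section 2.2: the presented certificate must match one registered for this client.
        if not hmac.compare_digest(thumbprint(presented), client["cert"]):
            return {"error": "invalid_client"}
    if AUTH_CODES.get(code) != client_id:
        return {"error": "invalid_grant"}
    return {"access_token": "constructed-token", "token_type": "Bearer"}

if __name__ == "__main__":
    # The report's failing case: myClientOne presents myClientTwo's certificate.
    print(token_request("myClientOne", "code-for-one", {"myCert": CERT_TWO_PEM}))  # {'error': 'invalid_client'}
```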