Service API Error "error":"invalid_grant"

  • Updated

Setting up the ServiceAPI:

http://world.episerver.com/documentation/Items/Episerver-Service-API/Configuration-and-overview/Setting-up-EPiServerServiceApi/

If the serviceAPI nuget package is added to the solution, and you have checked that tblUserPermission hasEPiServerServiceApi, and you have gone to url myurl.no/episerverapi/version to get version number and that works.

When you then go to myurl.no/episerverapi/token you get unsupported_grant_type which is correct too.

 

We use ASP.net Identity, so our startup file looks like this 

public class Startup
{
// For more information on configuring authentication,
// please visit http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/episerver-aspnetidentity/

private readonly IConnectionStringHandler _connectionStringHandler;

public Startup() : this(ServiceLocator.Current.GetInstance<IConnectionStringHandler>())
{
// Parameterless constructor required by OWIN.
}

public Startup(IConnectionStringHandler connectionStringHandler)
{
_connectionStringHandler = connectionStringHandler;
}

public void Configuration(IAppBuilder app)
{
app.AddCmsAspNetIdentity<SiteUser>(new ApplicationOptions
{
ConnectionStringName = _connectionStringHandler.Commerce.Name
});

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider.
// Configure the sign in cookie.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<SiteUser>, SiteUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user)),
OnApplyRedirect = (context => context.Response.Redirect(context.RedirectUri)),
OnResponseSignOut = (context => context.Response.Redirect(UrlResolver.Current.GetUrl(ContentReference.StartPage)))
}
});

app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>();
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

EnableFacebookAccountLogin(app);
}

private static void EnableFacebookAccountLogin(IAppBuilder app)
{
// Note that the id and secret code below are fictitious and will not work when calling Facebook.
//FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions
//{
// AppId = "idstring",
// AppSecret = "secretstring"
//};
//facebookOptions.Scope.Add("email");
//app.UseFacebookAuthentication(facebookOptions);
}
}

As you can see I have added the 
app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>(); 
to the code

So when I try to get token  using ServiceApi-Client 

You always get the error with "invalid_grant"

The password I use I know works, and I'm part of the Administrer group

Try to use SiteUser instead of ApplicationUser?
app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<SiteUser>, SiteUser>();
https://github.com/lunchin/Quicksilver/blob/service-api/Sources/EPiServer.Reference.Commerce.Site/Infrastructure/Owin/Startup.cs