
OAuth2 with Windows Live always returns "HTTP request forbidden with client authentication scheme 'Anonymous'"


I want to use the login functionality of Windows Live for my app. Therefore I defined a redirect URL, created an App-ID and got an App-secret from:

https://account.live.com/developers/applications/create?tou=1

But every time I try to log in to my app with my Windows Live account I get the following error message:

The HTTP request was forbidden with client authentication scheme 'Anonymous'.

When I look at my app summary, it looks like this:

...
Mobile Client-App or Desktop-Client-App:
No

JWT-output restriction:
Yes

secure redirection:
active
...

I think the "secure redirection" is the problem. But it is not possible to change this value. Does anybody know how to solve this problem?

I'm using Google App Engine and the Authomatic framework in Python. Something like this:

https://github.com/peterhudec/authomatic/tree/master/examples/gae/simple

=================== Here is some extra information ================

When I click on the link in my app to log in with Windows Live, I am redirected to:

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1411214956&rver=6.2.6289.0&wp=MBI_SSL&wreply=https:%2F%2Foauth.live.com%2Fauthorize%3Fscope%3Dwl.basic%252Cwl.emails%252Cwl.photos%26state%3D93df705504af6a4cf653a4d061%26redirect_uri%3Dhttp%253A%252F%252myLoginTestApp.appspot.com%252Flogin%252Fwl%26response_type%3Dcode%26client_id%3D00000000........%26auth_redirect%3Dtrue&lc=1031&id=276649&popupui=1

(where ......... is my App-ID). If I then sign in with username and password, it ends with the error.

The logs of google developers console for this app looked like the following:

  1. authomatic: WindowsLive: Starting OAuth 2.0 authorization procedure.
  2. authomatic: WindowsLive: Redirecting user to https://oauth.live.com/authorize?scope=wl.basic%2Cwl.emails%2Cwl.photos&state=93df705504af6a4cf653a4d061&redirect_uri=http%3A%2F%2FmyLoginTestApp.appspot.com%2Flogin%2Fwl&response_type=code&client_id=00000000.........
  3. /login/wl?error=server_error&error_description=The%20HTTP%20request%20was%20forbidden%20with%20client%20authentication%20scheme%20'Anonymous'.&state=93df7055aaaf6a4cf653a4d061 someIp - - [20/Sep/2014:05:20:07 -0700] "GET /login/wl?error=server_error&error_description=The%20HTTP%20request%20was%20forbidden%20with%20client%20authentication%20scheme%20\'Anonymous\'.&state=93df7055aaaf6a4cf653a4d061 HTTP/1.1" 200 331 - "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" "myLoginTestApp.appspot.com" ms=60 cpu_ms=0 cpm_usd=0.000037 instance=...someInstanceId... app_engine_release=1.9.11
  4. authomatic: WindowsLive: Reported suppressed exception: FailureError(u"The HTTP request was forbidden with client authentication scheme 'Anonymous'.",)!

Solution

  • It's because Windows Live changed their OAuth 2.0 endpoints. http://msdn.microsoft.com/en-us/library/hh243647.aspx

    I can see from the logs that you are using Authomatic which I'm the maintainer of. The new endpoints are fixed in Authomatic 0.0.9.
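
The redirect in log line 3 of the question is an OAuth 2.0 authorization error response (RFC 6749, section 4.1.2.1). The following Python 3 code is an added example, not part of the original post and not Authomatic's code: it parses such a callback and checks the returned `state` against the one the client issued. `parse_callback` and its result keys are hypothetical names; the two sample values are copied from the logs as posted, where the two `state` values differ.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error codes RFC 6749 section 4.1.2.1 defines for the authorization endpoint.
RFC6749_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}

def parse_callback(request_target, issued_state):
    """Classify an OAuth 2.0 redirect back to the client (hypothetical helper).

    request_target: path plus query string as received, e.g. from the access log.
    issued_state:   the state value the client sent in the authorization request.
    """
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    first = lambda name: query.get(name, [""])[0]

    returned_state = first("state")
    # Constant-time comparison; a missing or empty state never matches.
    state_ok = bool(returned_state) and hmac.compare_digest(
        returned_state.encode(), issued_state.encode())

    error = first("error")
    kind = "error" if error else ("code" if first("code") else "malformed")

    return {
        "kind": kind,
        "state_ok": state_ok,
        "error": error,
        "error_is_standard": error in RFC6749_ERRORS,
        # parse_qs has already percent-decoded the description.
        "error_description": first("error_description"),
        # Only a code that arrives with the expected state goes to the token endpoint.
        "proceed_to_token_exchange": kind == "code" and state_ok,
    }

# Sample values copied from log lines 2 and 3 in the question.
ISSUED_STATE = "93df705504af6a4cf653a4d061"
CALLBACK = ("/login/wl?error=server_error&error_description=The%20HTTP%20request"
            "%20was%20forbidden%20with%20client%20authentication%20scheme%20"
            "'Anonymous'.&state=93df7055aaaf6a4cf653a4d061")

if __name__ == "__main__":
    print(parse_callback(CALLBACK, ISSUED_STATE))
```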