I'm trying to follow the Oracle-Base Oracle REST Data Services (ORDS) Authentication tutorial to set up OAuth2 client credentials-based authentication for the sample ORDS API. I have got as far as trying to retrieve an access token under the OAuth : Client Credentials section, but I get "401 Unauthorized" instead of the expected "200 OK" in the example.
I'm using the cURL command below to retrieve the access token. Note that I've replaced the OAuth client ID and client secret; also schemaalias is different. Otherwise the command is as identical as possible to the example in the tutorial.
curl -i -k --user clientIdEtc..:clientSecretEtc.. --data "grant_type=client_credentials" http://localhost:8080/ords/schemaalias/oauth/token
I have tested that the API works when no authentication is configured.
As I'm working in a sample environment, I'm connecting over HTTP instead of HTTPS. I followed the instructions to allow OAuth over HTTP at the beginning of the tutorial, and if I hadn't done that, I would expect a 403 Forbidden error.
I have double-checked the various artefacts including the ORDS roles, privileges, privilege to role associations, privilege mappings, clients, client privileges and client roles and as far as I can tell they match up.
I'm working with ORDS version 18.1.1.95.1251 and it's deployed with WebLogic Server 12c.
Depending on where the cause of the problem is:
I found that I was using the wrong port number (i.e. http://localhost:8080 instead of http://localhost:7002).
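What the curl command in the question sends, as an added example that is not part of the original post or the tutorial: Python builds the same client-credentials request and runs it against a local stub, so the 200 and 401 outcomes can be reproduced offline. The stub handler, the credentials and the token value are constructed for illustration; the stub is a hypothetical stand-in and does not reproduce ORDS behaviour.

```python
import base64, hmac, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values, not real credentials.
CLIENT_ID, CLIENT_SECRET = "sample-client-id", "sample-client-secret"
TOKEN_PATH = "/ords/schemaalias/oauth/token"

def basic_header(client_id, client_secret):
    """Header value that `curl --user id:secret` sends."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

class StubTokenEndpoint(BaseHTTPRequestHandler):
    """Hypothetical stand-in for a token endpoint; not ORDS code."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        sent = self.headers.get("Authorization") or ""
        ok = (self.path == TOKEN_PATH
              and form.get("grant_type") == ["client_credentials"]
              and hmac.compare_digest(sent, basic_header(CLIENT_ID, CLIENT_SECRET)))
        reply = ({"access_token": "constructed-token", "token_type": "bearer"}
                 if ok else {"error": "invalid_client"})
        body = json.dumps(reply).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the stub quiet
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubTokenEndpoint)  # free loopback port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def request_token(base_url, client_id, client_secret):
    """POST grant_type=client_credentials; return (status, parsed JSON body)."""
    request = urllib.request.Request(
        base_url + TOKEN_PATH,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": basic_header(client_id, client_secret)})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(request, timeout=5) as response:
            return response.status, json.load(response)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())
```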