SAP Knowledge Base Article - Preview

3738186 - OAuth2 authorization_code with PKCE /oauth/authorize request fails in Swagger UI Authorize action in SAP Commerce Cloud JDK21

Symptom

When clicking the Authorize button in Swagger UI and using oauth2_authorization_code, after providing client_id and client_secret, the /authorizationserver/oauth/authorize request fails with "Authorization not granted", "Invalid request".

The Kibana log shows "[invalid_request] OAuth 2.0 Parameter: redirect_uri", and the GET /authorizationserver/oauth/authorize request fails with status 400.

{"origin":"access-log","timeMillis":1775122092565,"thread":"hybrisHTTP29","contextMap":{"remoteHost":"<IP>","remoteUser":null,"requestLine":"GET /authorizationserver/oauth/authorize?response_type=code&client_id=<client_id>&redirect_uri=https%3A%2F%2Fapi.***-***-**-public.model-t.cc.commerce.ondemand.com%2Focc%2Fv2%2Fswagger-ui%2Foauth2-redirect.html&state=<state_value>%3D%3D&code_challenge=<code_challenge>&code_challenge_method=S256 HTTP/1.1","statusCode":400,"bytesSent":1070,"processMillis":21734420,"commitMillis":21,"connectionStatus":"-"}}

{"instant":{"epochSecond":1775122092,"nanoOfSecond":582882090},"thread":"hybrisHTTP29","level":"INFO","loggerName":"com.sap.cx.commerce.platform.oauth2.authorizationserver.spring.OAuth2AuthorizationEndpointErrorHandler","message":"Authorization code request failure for '[invalid_request] OAuth 2.0 Parameter: redirect_uri'. Error forwarded to error page (400 BAD_REQUEST)","contextMap":{"RemoteAddr":"[<IP>] ","Tenant":""},"endOfBatch":false,"loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":1606,"threadPriority":5,"origin":"PLATFORM"}

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
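To triage an entry like the access-log line above, the following added example (not part of the KBA or of SAP Commerce code) decodes the authorize request and compares its redirect_uri with a client's registered redirect URIs. The sample log line, the registered URI list and the function names are constructed, and the exact-string comparison is an assumption about how the authorization server matches redirect URIs; the preview does not state the root cause.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the access-log entry above (placeholder values).
SAMPLE = json.dumps({"origin": "access-log", "thread": "hybrisHTTP29", "contextMap": {
    "requestLine": "GET /authorizationserver/oauth/authorize?response_type=code"
                   "&client_id=demo_client"
                   "&redirect_uri=https%3A%2F%2Fapi.example.test%2Focc%2Fv2%2Fswagger-ui%2Foauth2-redirect.html"
                   "&state=abc%3D%3D&code_challenge=xyz&code_challenge_method=S256 HTTP/1.1",
    "statusCode": 400}})

REQUIRED = ("response_type", "client_id", "redirect_uri",
            "code_challenge", "code_challenge_method")

def parse_authorize_request(log_line):
    """Return (status, params) for an /oauth/authorize access-log entry, else None."""
    entry = json.loads(log_line)
    ctx = entry.get("contextMap", {})
    parts = ctx.get("requestLine", "").split(" ")
    if entry.get("origin") != "access-log" or len(parts) != 3:
        return None
    url = urlsplit(parts[1])
    if not url.path.endswith("/oauth/authorize"):
        return None
    # parse_qs percent-decodes, so redirect_uri is returned in its decoded form
    params = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    return ctx.get("statusCode"), params

def diagnose(log_line, registered_redirect_uris):
    """List findings for an authorize request taken from the access log."""
    parsed = parse_authorize_request(log_line)
    if parsed is None:
        return ["not an authorize access-log entry"]
    status, params = parsed
    findings = [f"missing parameter: {p}" for p in REQUIRED if not params.get(p)]
    uri = params.get("redirect_uri")
    # Assumption: the server requires an exact string match with a registered URI.
    if uri and uri not in registered_redirect_uris:
        findings.append(
            f"redirect_uri not registered for client {params.get('client_id')}: {uri}")
    if params.get("code_challenge_method") not in (None, "S256"):
        findings.append("code_challenge_method is not S256")
    return findings or [f"request parameters look consistent (status {status})"]
```

Pass the raw JSON line from Kibana as log_line and the redirect URIs configured on the OAuth client as registered_redirect_uris.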



Environment

SAP Commerce Cloud for JDK21

Product

SAP Commerce Cloud 2211 for JDK21

Keywords

oauth2, authorization code, pkce, redirect_uri, invalid_request, swagger ui, registered redirect uri, public client, confidential client, code_verifier, authorizationserver, spring security, sap commerce cloud, oauth client configuration, KBA, CEC-SCC-PLA-PL, Platform, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
