Access OAuth 2.0 Endpoint in WSO2 IS with curl commands

02 Nov

This is useful for the testing of OAuth 2.0 in Wso2 Identity Server
Here what I’m going to explain is how to get the Access Token for “Resource owner credentials” and “Client credentials” types in OAuth 2.O

1. Start the IS in default port 9443
2. Go to Mange->OAuth->Register New Application
Register the new application in IS and take the Client_ID,Client_Secret

3. Go to command line and send the following curl commands and take the token

Type – “Resource owner credentials” (in the curl command represent as ‘password’)

curl -u Client_id:Client_secret -k -d "grant_type=<strong>password</strong>&amp;username=admin&amp;password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token

Here you have to give the above Client_id and Client_secret

Then you will receive following JSON message


This message contains the access_token

Type – “Client credentials”

curl -u Client_Id:Client_Secret -k -d "grant_type=<strong>client_credentials</strong>&amp;username=admin&amp;password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token

Then you will receive following JSON message


In this scenario you doesn’t receive the “refresh_token” according to the OAuth 2.0 spec

Above curl commands you have to specify the correct endpoint URL
ex/ if you need to access the remote IS in then you have to give

4. Validate the token buy using the OAuth2TokenValidationService  – this is an Admin service

First you have to disable the HideAdminServiceWSDLs property in carbon.xml as follows
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> then restart the IS

Now Download the SoapUi project and invoke the OAuth2TokenValidationService

OAuth2TokenValidationService is an admin service so we have to give the username password in soapui project
Once you take the token from curl commands you will receive the access token then you can send the access token to the above validation service through the SoapUI.
Actually we don’t need to send the “client_ID” and “context” values only thing is we have to send the “Access Token” and “Token Type

Leave a comment

Posted by on November 2, 2012 in Identity Server, wso2


Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: