credentials - oauth2 in bundle service API

[yashas224]

I have this curl which gives me back the access token as per auth flows:

curl --request POST
--url https://dev-vmfs2xsxy47w5vfr.us.auth0.com/oauth/token
--header 'content-type: application/json'
--data '{"client_id":"","client_secret":"","audience":"https://dev-vmfs2xsxy47w5vfr.us.auth0.com/api/v2/","grant_type":"client_credentials"}'

Response:

{
"access_token":ACCESS TOKEN,
"scope": "read:users",
"expires_in": 86400,
"token_type": "Bearer"
}

I am using this bundle config:

services:

• name: bundleService
  url: http://docker.for.mac.localhost:9090/bundle-provider
  credentials:
  oauth2:
  token_url: https://dev-vmfs2xsxy47w5vfr.us.auth0.com/oauth/token
  grant_type: client_credentials
  client_id:
  client_secret:
  additional_parameters:
  audience: https://dev-vmfs2xsxy47w5vfr.us.auth0.com/api/v2/

bundles:
authz:
service: bundleService
resource: download/policies.tar.gz
polling:
min_delay_seconds: 10
max_delay_seconds: 20

I have made sure that I am passing the right client ID and client_secret. I have curled the command in the pod. it works fine and generates an access token.

But the OPA container throws this exception:
{"level":"error","msg":"Bundle load failed: request failed: error in response from OAuth2 token endpoint: {"error":"access_denied","error_description":"Unauthorized"}","name":"authz","plugin":"bundle","time":"2023-04-26T18:22:30Z"}

Can someone help me regarding this?

[yashas224]

Do I have an option to log the request that is made by the OPA container?

[anderseknert]

Setting opa run --server --log-level debug should give you somthing, IIRC.

[anderseknert]

which gives me back the access token as per auth flows

Which OAuth2 flow would that be? You are sending request parameters encoded as JSON. The spec for the client credentials request specifically states:

The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body.