https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179319#M141565 <P>On CB version 1.16.4, attempting to obtain Oauth token to access the rest API. (SSL Cert in place but wrong hostname)</P><P>Call to UAA:</P><PRE>curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"cloudbreak"}' "http://***:8089/oauth/authorize?response_type=token&amp;client_id=cloudbreak_shell" </PRE><P>Response:</P><PRE>HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Cache-Control: no-store X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Location: <A href="http://cloudbreak.shell#token_type=bearer&amp;access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo&amp;expires_in=43199&amp;scope=cloudbreak.networks.read%20periscope.cluster%20cloudbreak.usages.user%20cloudbreak.recipes%20cloudbreak.usages.global%20openid%20cloudbreak.platforms%20cloudbreak.templates.read%20cloudbreak.usages.account%20cloudbreak.events%20cloudbreak.stacks.read%20cloudbreak.blueprints%20cloudbreak.networks%20cloudbreak.templates%20cloudbreak.sssdconfigs%20cloudbreak.platforms.read%20cloudbreak.credentials.read%20cloudbreak.securitygroups.read%20cloudbreak.securitygroups%20cloudbreak.stacks%20cloudbreak.credentials%20cloudbreak.recipes.read%20cloudbreak.sssdconfigs.read%20cloudbreak.blueprints.read&amp;jti=dd5f1e003f54436693583357b10ab70c" target="_blank">http://cloudbreak.shell#token_type=bearer&amp;access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo&amp;expires_in=43199&amp;scope=cloudbreak.networks.read%20periscope.cluster%20cloudbreak.usages.user%20cloudbreak.recipes%20cloudbreak.usages.global%20openid%20cloudbreak.platforms%20cloudbreak.templates.read%20cloudbreak.usages.account%20cloudbreak.events%20cloudbreak.stacks.read%20cloudbreak.blueprints%20cloudbreak.networks%20cloudbreak.templates%20cloudbreak.sssdconfigs%20cloudbreak.platforms.read%20cloudbreak.credentials.read%20cloudbreak.securitygroups.read%20cloudbreak.securitygroups%20cloudbreak.stacks%20cloudbreak.credentials%20cloudbreak.recipes.read%20cloudbreak.sssdconfigs.read%20cloudbreak.blueprints.read&amp;jti=dd5f1e003f54436693583357b10ab70c</A> Content-Language: en Content-Length: 0</PRE><P>Store TOKEN in ENV</P><PRE>export TOKEN=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo</PRE><P>Call to CB API with TOKEN</P><PRE>curl -k -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" <A href="https://***/stacks/13" target="_blank">https://***/stacks/13</A> { "InvalidTokenException": { "error": [ "invalid_token" ], "error_description": [ "undefined" ] } } </PRE><P>Get Cloudbreak Shell Token from CBD Utils</P><PRE>cbd util token eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiIwYWE4NmY2ZjgxMjA0OGVhYWQ5ZDg5NDFkZjllNzU2YSIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODQxNDQsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDg0MTQ0LCJleHAiOjE1MDk1MjczNDQsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.xZgHAOTryXwbJN0DfaH_ISFU0IkLymTqlOmE2LZmKck </PRE><P>Store TOKEN in ENV</P><PRE>export TOKEN=[token from above]</PRE><P>Call to CB API with TOKEN</P><PRE>curl -k -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" <A href="https://***/stacks/13" target="_blank">https://***/stacks/13</A> { "InvalidTokenException": { "error": [ "invalid_token" ], "error_description": [ "undefined"</PRE><P>This worked fine in CB 1.14.x. Has something changed in terms of how UAA issues tokens or what those tokens have access to?</P> Wed, 01 Nov 2017 04:12:43 GMT vvaks 2017-11-01T04:12:43Z https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179319#M141565 <P>On CB version 1.16.4, attempting to obtain Oauth token to access the rest API. (SSL Cert in place but wrong hostname)</P><P>Call to UAA:</P><PRE>curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"cloudbreak"}' "http://***:8089/oauth/authorize?response_type=token&amp;client_id=cloudbreak_shell" </PRE><P>Response:</P><PRE>HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Cache-Control: no-store X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Location: <A href="http://cloudbreak.shell#token_type=bearer&amp;access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo&amp;expires_in=43199&amp;scope=cloudbreak.networks.read%20periscope.cluster%20cloudbreak.usages.user%20cloudbreak.recipes%20cloudbreak.usages.global%20openid%20cloudbreak.platforms%20cloudbreak.templates.read%20cloudbreak.usages.account%20cloudbreak.events%20cloudbreak.stacks.read%20cloudbreak.blueprints%20cloudbreak.networks%20cloudbreak.templates%20cloudbreak.sssdconfigs%20cloudbreak.platforms.read%20cloudbreak.credentials.read%20cloudbreak.securitygroups.read%20cloudbreak.securitygroups%20cloudbreak.stacks%20cloudbreak.credentials%20cloudbreak.recipes.read%20cloudbreak.sssdconfigs.read%20cloudbreak.blueprints.read&amp;jti=dd5f1e003f54436693583357b10ab70c" target="_blank">http://cloudbreak.shell#token_type=bearer&amp;access_token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo&amp;expires_in=43199&amp;scope=cloudbreak.networks.read%20periscope.cluster%20cloudbreak.usages.user%20cloudbreak.recipes%20cloudbreak.usages.global%20openid%20cloudbreak.platforms%20cloudbreak.templates.read%20cloudbreak.usages.account%20cloudbreak.events%20cloudbreak.stacks.read%20cloudbreak.blueprints%20cloudbreak.networks%20cloudbreak.templates%20cloudbreak.sssdconfigs%20cloudbreak.platforms.read%20cloudbreak.credentials.read%20cloudbreak.securitygroups.read%20cloudbreak.securitygroups%20cloudbreak.stacks%20cloudbreak.credentials%20cloudbreak.recipes.read%20cloudbreak.sssdconfigs.read%20cloudbreak.blueprints.read&amp;jti=dd5f1e003f54436693583357b10ab70c</A> Content-Language: en Content-Length: 0</PRE><P>Store TOKEN in ENV</P><PRE>export TOKEN=eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJkZDVmMWUwMDNmNTQ0MzY2OTM1ODMzNTdiMTBhYjcwYyIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODM3NTUsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDgzNzU2LCJleHAiOjE1MDk1MjY5NTYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.Kae0YSVvVzyno1H-DcsCkjb88-UCTgVKeiseTezeRyo</PRE><P>Call to CB API with TOKEN</P><PRE>curl -k -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" <A href="https://***/stacks/13" target="_blank">https://***/stacks/13</A> { "InvalidTokenException": { "error": [ "invalid_token" ], "error_description": [ "undefined" ] } } </PRE><P>Get Cloudbreak Shell Token from CBD Utils</P><PRE>cbd util token eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiIwYWE4NmY2ZjgxMjA0OGVhYWQ5ZDg5NDFkZjllNzU2YSIsInN1YiI6IjIwOTllZGRjLThhMjktNDlhOC1iN2E1LTYzY2RlYTViNTVhZCIsInNjb3BlIjpbImNsb3VkYnJlYWsubmV0d29ya3MucmVhZCIsInBlcmlzY29wZS5jbHVzdGVyIiwiY2xvdWRicmVhay51c2FnZXMudXNlciIsImNsb3VkYnJlYWsucmVjaXBlcyIsImNsb3VkYnJlYWsudXNhZ2VzLmdsb2JhbCIsIm9wZW5pZCIsImNsb3VkYnJlYWsucGxhdGZvcm1zIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMucmVhZCIsImNsb3VkYnJlYWsudXNhZ2VzLmFjY291bnQiLCJjbG91ZGJyZWFrLmV2ZW50cyIsImNsb3VkYnJlYWsuc3RhY2tzLnJlYWQiLCJjbG91ZGJyZWFrLmJsdWVwcmludHMiLCJjbG91ZGJyZWFrLm5ldHdvcmtzIiwiY2xvdWRicmVhay50ZW1wbGF0ZXMiLCJjbG91ZGJyZWFrLnNzc2Rjb25maWdzIiwiY2xvdWRicmVhay5wbGF0Zm9ybXMucmVhZCIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMucmVhZCIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiLCJjbG91ZGJyZWFrLnJlY2lwZXMucmVhZCIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MucmVhZCIsImNsb3VkYnJlYWsuYmx1ZXByaW50cy5yZWFkIl0sImNsaWVudF9pZCI6ImNsb3VkYnJlYWtfc2hlbGwiLCJjaWQiOiJjbG91ZGJyZWFrX3NoZWxsIiwiYXpwIjoiY2xvdWRicmVha19zaGVsbCIsInVzZXJfaWQiOiIyMDk5ZWRkYy04YTI5LTQ5YTgtYjdhNS02M2NkZWE1YjU1YWQiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJhZG1pbkBleGFtcGxlLmNvbSIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20iLCJhdXRoX3RpbWUiOjE1MDk0ODQxNDQsInJldl9zaWciOiJjNjk1OWFhIiwiaWF0IjoxNTA5NDg0MTQ0LCJleHAiOjE1MDk1MjczNDQsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiY2xvdWRicmVha19zaGVsbCIsImNsb3VkYnJlYWsucmVjaXBlcyIsIm9wZW5pZCIsImNsb3VkYnJlYWsiLCJjbG91ZGJyZWFrLnBsYXRmb3JtcyIsImNsb3VkYnJlYWsuYmx1ZXByaW50cyIsImNsb3VkYnJlYWsudGVtcGxhdGVzIiwiY2xvdWRicmVhay5uZXR3b3JrcyIsInBlcmlzY29wZSIsImNsb3VkYnJlYWsuc3NzZGNvbmZpZ3MiLCJjbG91ZGJyZWFrLnVzYWdlcyIsImNsb3VkYnJlYWsuc2VjdXJpdHlncm91cHMiLCJjbG91ZGJyZWFrLnN0YWNrcyIsImNsb3VkYnJlYWsuY3JlZGVudGlhbHMiXX0.xZgHAOTryXwbJN0DfaH_ISFU0IkLymTqlOmE2LZmKck </PRE><P>Store TOKEN in ENV</P><PRE>export TOKEN=[token from above]</PRE><P>Call to CB API with TOKEN</P><PRE>curl -k -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" <A href="https://***/stacks/13" target="_blank">https://***/stacks/13</A> { "InvalidTokenException": { "error": [ "invalid_token" ], "error_description": [ "undefined"</PRE><P>This worked fine in CB 1.14.x. Has something changed in terms of how UAA issues tokens or what those tokens have access to?</P> Wed, 01 Nov 2017 04:12:43 GMT https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179319#M141565 vvaks 2017-11-01T04:12:43Z https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179320#M141566 <P>Hi <A rel="user" href="https://community.cloudera.com/users/3656/vvaks.html" nodeid="3656">@Vadim Vaks</A></P><P>I tested with latest version of Cloudbreak and the "cbd util token" command is still works for me. But if you use the address of the proxy server that provides the SSL then you should use the "/cb" sub-path to send requests to the API and the endpoints could be found under "/api/v1" path like:</P><PRE>curl -k -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" <A href="https://192.168.99.100/cb/api/v1/stacks/user" target="_blank">https://192.168.99.100/cb/api/v1/stacks/user</A></PRE><P>On the other hand your curl command is not parameterized properly. The URL would look like:</P><PRE><A href="http://192.168.99.100:8089/oauth/authorize?response_type=token&amp;client_id=cloudbreak_shell&amp;scope.0=openid&amp;source=login&amp;redirect_uri=http://cloudbreak.shell" target="_blank">http://192.168.99.100:8089/oauth/authorize?response_type=token&amp;client_id=cloudbreak_shell&amp;scope.0=openid&amp;source=login&amp;redirect_uri=http://cloudbreak.shell</A></PRE><P>Br,<BR />Tamas</P> Wed, 01 Nov 2017 22:25:46 GMT https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179320#M141566 tbihari 2017-11-01T22:25:46Z https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179321#M141567 <P><A rel="user" href="https://community.cloudera.com/users/359/tbihari.html" nodeid="359">@Tamas Bihari</A> </P><P>I had /cb/api/v1/stacks/user in my code but was calling /api/v1/stacks/user in my tests. Turns out it helps to call the correct API endpoint <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>The problem turned out to be the Invalid SSL Cert in mentioned above. I built a Spring application on top of Cloudbreak. I have an SSL context that trusts all certificates but was using default hostname verification. The previous instance I referred to had a valid certificate, so everything worked fine. When I installed the fresh instance of Cloudbreak, the generated certificate did not have the correct hostname. When I called the API, application threw Certificate exception but I was catching all Exceptions and handling it as if it was an auth token rejection. Added all trusting HostnameVerifier to resolve the exception.</P><P>Thanks for putting a second pair of eyes on this. </P><P>BTW...</P><P>Implicit grant does not seem to require query parameter to be formatted as <STRONG>client_id=cloudbreak_shell≻ope.0=openid&amp;source=login&amp;redirect_uri=http://cloudbreak.shell</STRONG></P><P>The token obtained using:</P><PRE>curl -iX POST -H "accept: application/x-www-form-urlencoded" -d 'credentials={"username":"admin@example.com","password":"cloudbreak"}' "http://***:8089/oauth/authorize?response_type=token&amp;client_id=cloudbreak_shell"<BR /></PRE><P>Seems to be valid. </P> Wed, 01 Nov 2017 23:53:29 GMT https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179321#M141567 vvaks 2017-11-01T23:53:29Z https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179322#M141568 <A rel="user" href="https://community.cloudera.com/users/3656/vvaks.html" nodeid="3656">@Vadim Vaks</A><P>You are welcome and thanks for the minimized query parameters.</P> Thu, 02 Nov 2017 02:36:46 GMT https://community.cloudera.com/t5/Support-Questions/Cloudbreak-Oauth-Token-generated-but-always-rejected-by/m-p/179322#M141568 tbihari 2017-11-02T02:36:46Z