Login not working in CORS via POST body, only via POST url params

avi.fatal · December 2, 2018, 9:01am

When I use POST in CORS and trying to login via /v2/oauth/token I get the error: Null reference passed as parameter, I have debugged the issue, and it seems that the request parameters are empty.

But, if I login by sending the params in the url and not in the body, it is working.

This workaround is dangerous because the passwords will be logged with the HTTP log.

In angular:
this wont work:

this.httpClient.post(this.server + "/v2/oauth/token?grant_type=password",loginModel,{headers : header,withCredentials : true}).subscribe(x => {
      debugger;
    });

and this will work

this.httpClient.post(this.server + "/v2/oauth/token?grant_type=password&username=" + loginModel.username + "&password=" + loginModel.password,{},{headers : header,withCredentials : true}).subscribe(x => {
      debugger;
    });

I assume that this is not a BUG in cuba, am I missing something with the CORS in java?

Thanks

artamonov · December 2, 2018, 10:28am

Hi,

Do you pass login / password in POST body as shown in the example?

avi.fatal · December 2, 2018, 11:37am

@artamonov Please have a look at the images bellow.

Params sent in body only - not working
Params sent in the body - working

1. Not working request:

2. Working reqeust:

Thanks

artamonov · December 2, 2018, 2:08pm

Why do you add grant_type=password to URL? It should be in body with all the parameters:

In the example:

data: {grant_type: 'password', username: userLogin, password: userPassword},

artamonov · December 2, 2018, 2:11pm

Also, please check REST-API swagger: Swagger UI

All the parameters must be passed as form data, not in URL query:
swagger