on 2022 Apr 06 10:17 PM
SAP Commerce 2011
When trying to login with a newly created user, get an error message saying Bad Credentials.
Works fine with existing users.
Can anyone help with how that smartedit OAuth client should be configured?
Also, if the client secret is updated in the backoffice, is this automatically provided to the front end (login form)?
The smartedit extension has the following impex file (essentialdata_smartedit.impex), which is imported during the updatesystem task:
INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope[mode=append];authorizedGrantTypes;accessTokenValiditySeconds;authorities;clientSecret;
;smartedit;hybris;basic,permissionswebservices,previewwebservices;password,client_credentials;3600;;;
;smartedit-admin;hybris;extended,permissionswebservices,previewwebservices;password,client_credentials;3600;ROLE_ADMINGROUP;secret;
;smartedit-cmsmanager;hybris;extended,permissionswebservices,previewwebservices;password,client_credentials;3600;ROLE_BASECMSMANAGERGROUP;secret;
So the clientSecret of the smartedit client is cleared every time you execute update system.
Similarly, the following documentation also has the same impex (with a missing EOL character): https://help.sap.com/viewer/9d346683b0084da2938be8a285c0c27a/latest/en-US/3f675dfd41e642c0b107d0d41e...
When you try to change secret of the smartedit client from backoffice, login requests will get 401 from smartedit. So smartedit expects OAuth client to have no secret defined.
I think there should be a way to be able to define a secret for the smartedit client, since it can be used to brute force to check a customer's credentials via /authorizationserver/oauth/token or to disable a user's account by entering wrong credentials.
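As an added example (not part of the original thread or of SAP's code), the audit a practitioner would want after reading the above: parse the OAuthClientDetails impex block and flag every client that accepts the resource-owner password grant but carries no clientSecret. The sample impex is the three smartedit rows quoted in the answer; the parser's handling of header modifiers and trailing empty cells is an assumption about this particular block, not a general ImpEx implementation.

```python
"""Audit an ImpEx OAuthClientDetails block for OAuth clients that accept the
``password`` grant without a client secret.

Constructed example: the sample data below reproduces the three smartedit
rows from essentialdata_smartedit.impex as quoted in the thread.
"""

SAMPLE_IMPEX = """\
INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope[mode=append];authorizedGrantTypes;accessTokenValiditySeconds;authorities;clientSecret;
;smartedit;hybris;basic,permissionswebservices,previewwebservices;password,client_credentials;3600;;;
;smartedit-admin;hybris;extended,permissionswebservices,previewwebservices;password,client_credentials;3600;ROLE_ADMINGROUP;secret;
;smartedit-cmsmanager;hybris;extended,permissionswebservices,previewwebservices;password,client_credentials;3600;ROLE_BASECMSMANAGERGROUP;secret;
"""

HEADER_MODES = {"INSERT_UPDATE", "INSERT", "UPDATE", "REMOVE"}


def parse_impex_block(text):
    """Return the data lines of one ImpEx block as a list of dicts.

    The header line is ``<MODE> <Type>;col[modifiers];col;...``; every data
    line starts with an empty first cell (the type column). Column modifiers
    such as ``[unique=true]`` are stripped so keys are plain attribute names.
    """
    rows = []
    columns = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cells = line.split(";")
        mode = cells[0].split()[0].upper() if cells[0].split() else ""
        if mode in HEADER_MODES:
            # Drop the trailing empty cell produced by the final ';'.
            columns = [c.split("[", 1)[0].strip() for c in cells[1:] if c.strip()]
            continue
        if columns is None:
            raise ValueError("data line before header: %r" % line)
        values = [v.strip() for v in cells[1:]]
        values += [""] * (len(columns) - len(values))  # pad short lines
        rows.append(dict(zip(columns, values)))
    return rows


def find_unprotected_clients(rows):
    """Client IDs that allow the password grant but define no clientSecret.

    Such a client lets the token endpoint be driven with only a user's
    credentials, which is the concern raised in the thread.
    """
    findings = []
    for row in rows:
        grants = {g.strip() for g in row.get("authorizedGrantTypes", "").split(",")}
        if "password" in grants and not row.get("clientSecret", ""):
            findings.append(row["clientId"])
    return findings


if __name__ == "__main__":
    parsed = parse_impex_block(SAMPLE_IMPEX)
    for client_id in find_unprotected_clients(parsed):
        print("password grant without client secret:", client_id)
```

Run it against your own essentialdata or project impex to see which clients the update system will leave without a secret; the thread notes that smartedit itself returns 401 once a secret is set on its client, so the script only reports and does not rewrite the file.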
Thanks for your input.
What you say makes sense.
I re-ran that impex to reset the smartedit client to be as it is OOTB.
However, when I attempt to login as a newly created user, I am still getting the following error in the console:

Can you investigate the payload to see if everything is correct? Is the user able to login Backoffice or HAC? And if the issue happens in your local as well, you can try to understand what's going on by debugging CoreAuthenticationProvider's following method
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Hope this helps,
Meant to follow up with you Mansur since you were kind enough to help.
Incredibly, it was not really an OAuth problem. But the user that was created in the BackOffice was created with mixed case characters in the email (e.g. John.Doe@acme.com).
Something in the OAuth permissioning did not like this. Eventually, when we changed it to john.doe@acme.com, it worked immediately.
I reported this to SAP so hopefully they will either prevent this at source (in the BackOffice via validation) or address the OAuth handling.
Thanks again for your help!
Hi Alan, if the case sensitivity is the issue here, please check the collation of the database of yours (or even the collation of users table). If the collation is case sensitive (generally stated as CS in the collation code) the flexible queries will be case sensitive too, thus the following queries will have different results.
SELECT {pk} FROM {User} WHERE {uid} = 'john.doe@acme.com'
SELECT {pk} FROM {User} WHERE {uid} = 'John.Doe@acme.com'
See the document for the suggested collations for SQL server. They are both case-insensitive: Latin1_General_CI_AS and SQL_Latin1_General_CP1_CI_AS
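An added example (not from the thread or from SAP) that reproduces the collation effect described above with SQLite's built-in BINARY (case-sensitive) and NOCASE (case-insensitive) collations: the same two lookups return different results depending on how the uid column collates. The table layout and the single constructed user row are assumptions made for the demonstration, not SAP Commerce's schema.

```python
"""Show how column collation decides whether 'John.Doe@acme.com' finds the
user stored as 'john.doe@acme.com'.

Constructed example using SQLite: BINARY stands in for a case-sensitive (CS)
database collation, NOCASE for a case-insensitive (CI) one such as
Latin1_General_CI_AS on SQL Server.
"""
import sqlite3

ALLOWED_COLLATIONS = {"BINARY", "NOCASE"}


def lookup_uid(uid, collation):
    """Return the pk list matching ``uid`` in a fresh in-memory users table
    whose uid column uses ``collation``."""
    if collation not in ALLOWED_COLLATIONS:
        raise ValueError("unsupported collation: %r" % collation)
    conn = sqlite3.connect(":memory:")
    # Collation is fixed at column level, like a per-table collation in SQL Server.
    conn.execute(
        "CREATE TABLE users (pk INTEGER PRIMARY KEY, uid TEXT COLLATE %s)" % collation
    )
    conn.execute("INSERT INTO users (pk, uid) VALUES (1, 'john.doe@acme.com')")
    rows = conn.execute("SELECT pk FROM users WHERE uid = ?", (uid,)).fetchall()
    conn.close()
    return [pk for (pk,) in rows]


def lookup_uid_normalized(uid, collation):
    """Same lookup, but comparing lower-cased values on both sides so the
    result no longer depends on the database collation."""
    if collation not in ALLOWED_COLLATIONS:
        raise ValueError("unsupported collation: %r" % collation)
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (pk INTEGER PRIMARY KEY, uid TEXT COLLATE %s)" % collation
    )
    conn.execute("INSERT INTO users (pk, uid) VALUES (1, 'john.doe@acme.com')")
    rows = conn.execute(
        "SELECT pk FROM users WHERE lower(uid) = lower(?)", (uid,)
    ).fetchall()
    conn.close()
    return [pk for (pk,) in rows]


if __name__ == "__main__":
    for coll in sorted(ALLOWED_COLLATIONS):
        for candidate in ("john.doe@acme.com", "John.Doe@acme.com"):
            print(coll, candidate, lookup_uid(candidate, coll))
```

Under BINARY the mixed-case lookup returns nothing, which matches the "Bad Credentials" symptom reported in the thread; under NOCASE both spellings resolve to the same row. The normalized variant shows the application-side alternative of comparing lower-cased values, which behaves the same whatever the database collation.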