Issue with getting Bearer Token with API Token from REST API

  • Platform information:
    • Hardware: RPi4 and/or ~AWS T2.Medium footprint
    • OS: Debian 11
    • Java Runtime Environment: JRE 11
    • openHAB version: 3.3
  • Issue of the topic: In attempting to access the REST API using an issued API Key, we cannot get the /auth/tokens endpoint to issue a token.

Using the API Explorer in OpenHAB 3.3, the user is presented with the following screen:

It would be impossible to have valid defaults here. Presumably the API Key issued goes into the client_id field, which is our configuration.

There are no hints as to defaults in the remainder of fields, nor a range of options given. Investigation found us a list of options for grant_type:

For a mobile client, either authorization_code or clients_credentials seem valid options, depending on use case.

Using the above options alone results in a Response Code 400 with an error of invalid_grant.

But the tool is appending the existing bearer token it’s obtained for itself in an auth header. Thus, it makes sense this would be an invalid grant. So, I remain unconvinced there is actually an issue here.

Except, that using e.g. PostMan as a remote test, which should not have a pre-existing token, we achieve the same result.

Further investigation into invalid_grant digs up articles that provide a laundry list of issues that can potentially cause this, like this StackOverflow answer:

We installed and validated net time services just to be on the safe side, but the only other option that seems of interest is the redirect URI mismatch.

Question #1: What format is OpenHAB looking for the grant_type to be in (e.g. AuthorizationCode and ClientCredentials or authorization_code and client_credentials or something else)?

Question #2: Should this API be expected to work in the API browser, or is it a special case?

Question #3: For authorization_code and client_credentials use cases, is the Redirect URI predictably and allowably blank?


  • If logs where generated please post these here using code fences: