[REST API] 토큰 발급시 401 Bad client credentials가 돌아옵니다

앱 id: 956020

보안 설정에서 client secrete 을 비활성화로 돌려보기도 하고 코드를 재발급 받아보기도 했지만 반응은 똑같습니다.

1. 토큰 발급시 사용하는 코드는 아래와 같습니다.

                         curl_easy_setopt( curl, CURLOPT_URL, "https://kauth.kakao.com/oauth/token");
			
			curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf); 

			errbuf[0] = 0;// set the error buffer as empty before performing a request

			//? #####  end of debug ##### 
			std::string contentType = "Content-type: application/x-www-form-urlencoded;charset=utf-8";
			
			struct curl_slist *headers = curl_slist_append( NULL, contentType.c_str() );
			curl_easy_setopt( curl, CURLOPT_HTTPHEADER, headers );

			std::string postField = "\"grant_type\"=\"authorization_code\", \"client_id\"=\"" +RESTAPIKey+ "\", \"redirect_uri\"=\"https://example.com/oauth\", \"code\"=\"" +authCode+ "\", \"client_secret\"=\"" +RESTAPISectret+"\"";
			std::cout << "postField final: " << postField << std::endl;

			curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
			curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);

			curl_easy_setopt( curl, CURLOPT_POST, 1L);
			curl_easy_setopt( curl, CURLOPT_POSTFIELDS, postField.c_str() );

			/*set up for receiving data */
			buf_t *buf = buf_size( NULL, BUFFER_SIZE );
			curl_easy_setopt( curl, CURLOPT_WRITEFUNCTION, fetch_data );
			curl_easy_setopt( curl, CURLOPT_WRITEDATA, buf );




			CURLcode result = curl_easy_perform( curl );

2. curl 응답은 아래와 같습니다.

*   Trying 203.133.166.32:443...
* Connected to kauth.kakao.com (203.133.166.32) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: C:/msys64/mingw64/ssl/certs/ca-bundle.crt
*  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=KR; ST=Jeju-do; L=Jeju-si; O=Kakao Corp.; CN=*.kakao.com
*  start date: Sep  6 00:00:00 2022 GMT
*  expire date: Sep 29 23:59:59 2023 GMT
*  subjectAltName: host "kauth.kakao.com" matched cert's "*.kakao.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Thawte TLS RSA CA G1
*  SSL certificate verify ok.
> POST /oauth/token HTTP/1.1
Host: kauth.kakao.com
Accept: */*
Content-type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 274

* upload completely sent off: 274 out of 274 bytes
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Date: Fri, 18 Aug 2023 05:36:02 GMT
< Content-Type: application/json;charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-store
< Pragma: no-cache
< WWW-Authenticate: Bearer realm="oauth", error="invalid_client", error_description="Bad client credentials"
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, OPTIONS
< Access-Control-Allow-Headers: Authorization, KA, Origin, X-Requested-With, Content-Type, Accept
<
* Connection #0 to host kauth.kakao.com left intact
restAPIGetAccessToken:
{"error":"invalid_client","error_description":"Bad client credentials","error_code":"KOE010"}
tokenResponseCode:
401

client secrete 을 비활성화 했는데 KOE010 발생한다면, Request가 잘못된 경우입니다.

로그 확인 위해 토큰 발급에 사용한 인가코드 1개 기재 해주세요.

최근 15분내

956020 앱으로 특정되는 토큰 발급요청도 없고
기재하신 인가코드 파라메터 설정된 요청도 없는 것으로 볼때 헤더와 파라메터 모두 정상 전달 안된 것으로 보입니다.

IP 알려주시겠어요?

“application/x-www-form-urlencoded” Content-Type은 OAuth2 로그인에 사용되는 표준 방식으로

POST Request Body내 쿼리 스트링 형태로 파라메터 전달해야힙니다.

body에 key, value형태로 잘못 요청되었습니다.
CURLOPT_POSTFIELDS에 쿼리스트링 형태로 전달 해보시겠어요?

확인 감사합니다.
body 형태를 쿼리스트링 형태로 변경 후 문제가 해결되었습니다.
고생하셨습니다~