I am trying to generate an access token using the ODC API in the DEV environment.
I am using the client_credentials grant type.
While calling the token endpoint, I receive the error: "invalid_client".
I have verified the client_id and client_secret, and the Content-Type is set to application/x-www-form-urlencoded.
I am using an OutSystems Development Cloud (ODC) Free account.
Environment: ODC (Free) – DEV
Application Type: Integration
Hi,
The issue is with the client secret. In your screenshot, it’s already encoded. You only need to encode the secret when using it directly inside your ODC applications. In Postman, you should paste the raw client secret and let Postman handle the encoding automatically. That should resolve the issue.
Although the document said we should encode manually, I have tried and found that there is really no need. OutSystems does it automatically for us.
https://success.outsystems.com/documentation/outsystems_developer_cloud/odc_rest_apis/api_authentication_and_authorization/get_access_token/
Hi Saket,
In ODC, the recommended way to obtain an access token for the public ODC REST APIs is to first call the Discovery document and then use the token_endpoint returned there. If you hardcode a realm-based Keycloak URL (e.g., /auth/realms/.../protocol/openid-connect/token) you can easily end up hitting the wrong authorization server/realm for your tenant, which typically results in 401 with invalid_client.
Per the official ODC documentation, the steps are:
Call the discovery endpoint
curl -X GET "https:///identity/.well-known/openid-configuration" \
-H "accept: application/json"
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=&client_secret="
If you’re calling the token endpoint from an OutSystems app, OutSystems also recommends URL-encoding the client secret (e.g., EncodeURL(Settings.ClientSecret)).
So, I’d suggest:
I hope this information can help you.
Best, Miguel
I tried integrating external CI/CD with our ODC Free account using the API Client and client credentials, but it does not work.
Even with:
Correct client_id and client_secret
With or without encoding via Postman
Is getting an access token working in a free account?
Getting the token is working in a personal environment. Try generating a new client secret.
Hi Saket,
Yes, getting an access token works on ODC Free/Personal.
If you’re still getting invalid_client, in practice it almost always comes down to one of these:
A quick way to isolate the problem is:
In your screenshot you are requesting the tokens from the wrong realm.
1. Step: Look up the token endpoint from your portal realm using
https://personal-thdyfzp8.outsystems.dev/identity/.well-known/openid-configuration
This returns an OpenID discovery document. Look up the value for "token_endpoint", which should look like this:
https://personal-thdyfzp8.outsystems.dev/auth/realms/<UUID>/protocol/openid-connect/token
2. Step: Client credentials flow
Looking at your screenshot this looks good. Change the URL to your portal realm token endpoint and you should be good to go.
Best,
Stefan
I am using the exact token_endpoint returned by /identity/.well-known/openid-configuration (as shown in the screenshot).
Calling the token endpoint from Postman
Trying both with encoding and without encoding of the client secret
The request always returns:
invalid_client
That is the wrong one. Please read my post and use the discovery document I wrote there. The -dev.outsystems.app is the realm for applications. Not for your tenant.
In your personal environment you have two identity realms. One for the platform (that's the one you need; the domain is <personal>.outsystems.dev) and one for your applications, which is <personal>-dev.outsystems.app.
The solution is working
Thanks
Great to read. Would you please mark my answer as the solution? Much appreciated.
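The two causes of invalid_client discussed in this thread (a secret that gets encoded twice, and a token endpoint taken from the application realm instead of the platform realm), as an added example that is not code from any poster or from OutSystems. The tenant host, realm id, client id and secret are constructed placeholders, and the host checks are an assumption based on the two domains named in the thread.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

# Constructed sample of a discovery document; host and realm id are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "token_endpoint": "https://example-tenant.outsystems.dev"
                      "/auth/realms/REALM-ID-PLACEHOLDER/protocol/openid-connect/token",
})

def discovery_url(portal_host):
    """Discovery URL on the platform realm; reject the application-realm domain."""
    if portal_host.lower().endswith(".outsystems.app"):
        raise ValueError("this is the application realm, use <tenant>.outsystems.dev")
    return f"https://{portal_host}/identity/.well-known/openid-configuration"

def token_endpoint(discovery_json, portal_host):
    """Read token_endpoint from the discovery document and check it stays on the portal host."""
    endpoint = json.loads(discovery_json)["token_endpoint"]
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or parts.hostname != portal_host.lower():
        raise ValueError(f"token_endpoint host {parts.hostname!r} is not {portal_host!r}")
    return endpoint

def build_token_request(endpoint, client_id, raw_secret):
    """Build (not send) the client_credentials POST; urlencode() encodes the raw secret once."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": raw_secret,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(endpoint, data=body, method="POST", headers=headers)

def secret_as_received(request):
    """Decode the form body as the server would, to see which secret it compares."""
    return parse_qs(request.data.decode("ascii"), keep_blank_values=True)["client_secret"][0]

if __name__ == "__main__":
    host = "example-tenant.outsystems.dev"   # constructed placeholder
    raw = "p@ss+w/rd="                       # constructed secret with reserved characters
    url = token_endpoint(SAMPLE_DISCOVERY, host)
    print(discovery_url(host))
    print("raw secret arrives as:        ", secret_as_received(build_token_request(url, "cid", raw)))
    # Pasting an already URL-encoded secret makes the client encode it a second time.
    print("pre-encoded secret arrives as:",
          secret_as_received(build_token_request(url, "cid", "p%40ss%2Bw%2Frd%3D")))
```

Passing the returned Request to urllib.request.urlopen would send it; the checks above run without network access.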