# contributors
d
Hi, I created a PR project to add the Epic Games provider in Kratos but it seems that the TokenExchange is not using the authorization header as it should be with Endpoint.AuthStyle.AuthStyleInHeader in my custom provider configuration. Any idea why? https://github.com/ory/kratos/pull/3449
b
Hard to tell, do you get any error messages?
d
Hi @bland-eye-99092, yes, sorry, I forgot to add it in my PR because it's a bug I encounter in my development. I have the following error message from Kratos, returned by Epic Games because the authorization header is missing:
{
  "id": "9e29de5b-03c6-4e57-a883-3b6f52cb52c9",
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "message": "oauth2: \"invalid_client\" \"It appears that your Authorization header may be invalid or not present, please verify that you are sending the correct headers.\""
  },
  "created_at": "2023-08-25T08:52:16.587333Z",
  "updated_at": "2023-08-25T08:52:16.587333Z"
}
Even if I use AuthStyle.AuthInHeader as I said before.
b
We just had a similar case, where the credentials were wrong, but the library reported a similar (misleading) error. Could you verify that the credentials you’re sending are correct?
d
I'm sure that the credentials are correct. I have the same data in my Postman, and I have also tried wrong credentials in Postman, and Epic Games returns a specific error in this case:
{
  "errorCode": "errors.com.epicgames.account.invalid_client_credentials",
  "errorMessage": "Sorry the client credentials you are using are invalid",
  "messageVars": [],
  "numericErrorCode": 18033,
  "originatingService": "com.epicgames.account.admin",
  "intent": "prod",
  "error_description": "Sorry the client credentials you are using are invalid",
  "error": "invalid_client"
}
To reproduce the same error as in Kratos, I have to delete my authorization header in Postman and Epic Games returns this error:
{
  "errorCode": "errors.com.epicgames.common.oauth.invalid_client",
  "errorMessage": "It appears that your Authorization header may be invalid or not present, please verify that you are sending the correct headers.",
  "messageVars": [],
  "numericErrorCode": 1011,
  "originatingService": "com.epicgames.account.admin",
  "intent": "prod",
  "error_description": "It appears that your Authorization header may be invalid or not present, please verify that you are sending the correct headers.",
  "error": "invalid_client"
}
@bland-eye-99092 do you know how I can check the request sent to Epic Games via the OAuth2 go package with its Authorization Header?
b
I’d probably start Kratos with a debugger attached and then go through the flow. Sometimes it’s easier to write a test that does the config setup, that helps with debugging.