How to use the SCIM API as a user

By: Roman Stejskal user 01 Jul 2020 at 3:49 a.m. CDT

4 Responses
Roman Stejskal gravatar
Hello, I'm having issues using the SCIM API to get / update a user's profile. I've created an OpenID client, authenticated in with the password grant type and got back a token. But when I use that token to access the SCIM APIs, I'm getting 401 error. The only time I was able to access the SCIM APIs was when test mode was enabled and I used the client_credentials grant type. I'm a bit at loss here. What am I doing wrong? How can I, on behalf of a specific user, access SCIM APIs to read and change the user's profile? Is what I'm trying to do even correct, or should this be done differently?
Ubuntu 20.04
closed

Answers

By Jose Gonzalez staff 01 Jul 2020 at 7:34 a.m. CDT

Copy
Jose Gonzalez gravatar
> Is what I'm trying to do even correct, It's incorrect. You don't access the API on behalf of a specific user. Also, this is not authentication API. There is no granularity level: once you properly get a token, you (your application) get full access to all endpoints that allow to manage different types of resources (not only users). The [docs](https://www.gluu.org/docs/gluu-server/user-management/scim2/) clearly explain there are 2 modes: test or UMA. How to get a token in test mode is detailed step-by-step. UMA is more involved, but the goal is again, a token.

By Roman Stejskal user 01 Jul 2020 at 7:43 a.m. CDT

Copy
Roman Stejskal gravatar
Hello Jose, thanks for the response. Is there a standard way a user can update their own profile, or is this something I simply have to implement on my side, meaning that my application will access the SCIM API and the application itself has to enforce that the user can only modify their own account? Either way, I can't see the process to get a token in UMA mode, as I sure don't want to use test mode in production. Can you link me to a resource explaining how to do that?

By Jose Gonzalez staff 01 Jul 2020 at 9:35 a.m. CDT

Copy
Jose Gonzalez gravatar
> is this something I simply have to implement on my side, That's correct > I can't see the process to get a token in UMA mode There are 2 implementations you can reuse so that you can abstract the many details involved in UMA flow: - https://github.com/GluuFederation/scim/tree/master/scim-client (If you do Java) - https://github.com/GluuFederation/SCIM-Node (Javascript) Otherwise, there is an step-by-step example (language agnostic): https://github.com/GluuFederation/SCIM-Client/wiki/SCIM-protected-by-UMA:-simplified-flow

By Roman Stejskal user 01 Jul 2020 at 10:55 a.m. CDT

Copy
Roman Stejskal gravatar
Amazing, this cleared up everything. Thanks for the great help, Jose!

Post an answer