By: Doma Samson user 12 Jun 2018 at 6:27 a.m. CDT

5 Responses
While trying to register a resource permission, the below response is received:

```
{
  "error": "invalid_client_scope",
  "error_description": "The requested scope is invalid, unknown, or malformed."
}
```

This is the request URL: https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc_pr

Request body:

```
{
  "resource_id": "@!0A89.453C.B8CA.A5F8!0001!BC3D.D573!0009!43F1",
  "resource_scopes": [
    "https://gluu.innovation-poc.com/oxauth/restv1/uma/scopes/passport_access"
  ]
}
```

And authentication is also defined.

By Michael Schwartz Account Admin 12 Jun 2018 at 1:26 p.m. CDT

Is this scope defined:

```
https://gluu.innovation-poc.com/oxauth/restv1/uma/scopes/passport_access
```

Can you attach a screenshot of the UMA Scopes screen in oxTrust?

By Doma Samson user 13 Jun 2018 at 3:22 a.m. CDT

Hi,

The resource creation and permission registration work fine now when I give uma_protection as scope in the advanced options of OAuth authentication. If I remove the uma_protection scope, it will throw the same error again. I'm using Insomnia; however, I couldn't attach the screenshot of the same. I'm copying the request and response below.

```
curl --request POST \
  --url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc/resource_set \
  --header 'authorization: Bearer 8bb4d6a8-7a1d-463f-8894-78812f80349a' \
  --header 'content-type: application/json' \
  --data '{
    "resource_scopes": [
      "read-public",
      "post-updates",
      "read-private",
      "http://www.example.com/scopes/all"
    ],
    "icon_uri": "http://www.example.com/icons/sharesocial.png",
    "name": "Tweedl Social Service",
    "type": "http://www.example.com/rsrcs/socialstream/140-compatible",
    "exp": 1419356238
  }'
```

Response is:

```
{
  "_id": "2bfce16d-5637-4f54-9159-f70127b2c5dc",
  "user_access_policy_uri": null
}
```

Permission Registration:

```
curl --request POST \
  --url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc_pr \
  --header 'authorization: Bearer a7098077-69f5-4cfa-9a5d-00b299ae4d93' \
  --header 'content-type: application/json' \
  --data '{
    "resource_id": "2bfce16d-5637-4f54-9159-f70127b2c5dc",
    "resource_scopes": [
      "http://www.example.com/scopes/all",
      "post-updates",
      "read-public",
      "read-private"
    ]
  }'
```

Response:

```
{
  "ticket": "e8d4366f-dd6e-487e-845c-21fa97486ec8"
}
```

However, when I do token introspection it won't list the permissions created:

```
curl --request POST \
  --url https://gluu.innovation-poc.com/oxauth/restv1/rpt/status \
  --header 'authorization: Bearer 448b2496-a598-4957-925a-1d145e5b4c78'
```

Response:

```
{
  "active": false,
  "exp": null,
  "iat": null,
  "nbf": null,
  "permissions": null,
  "client_id": null,
  "sub": null,
  "aud": null,
  "iss": null,
  "jti": null,
  "pct_claims": null
}
```

Why are the permissions empty even though resources are registered? And is the uma_protection scope also mandatory for the APIs to work?
I'm very sorry I couldn't find any option here to upload the screenshots otherwise I could have

By Thomas Gasmyr Mougang staff 13 Jun 2018 at 12:08 p.m. CDT

Hi Doma, All resources are UMA protected; that is why you need uma_protection in the scopes list. Please try to format your curl request, it isn't readable.

By Doma Samson user 14 Jun 2018 at 2:53 a.m. CDT

Hi, Thanks for your reply. Could you please answer why rpt/status shows null values for permissions even though resources are registered with permissions? Thanks, Doma

By Thomas Gasmyr Mougang staff 25 Jun 2018 at 5:40 a.m. CDT

Hi Samson, Still need assistance on this ticket or can we close it?
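
Added example, not part of the thread and not Gluu code: a simplified in-memory model of the UMA 2.0 exchange discussed above. It shows the uma_protection check on the protection API, and that under the UMA 2.0 specification introspection only lists permissions for an RPT that a client obtained by redeeming the permission ticket. The class and method names are hypothetical, and policy evaluation is assumed to grant every requested scope.

```python
import secrets
UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

class ToyUmaServer:
    """In-memory stand-in for a UMA 2.0 authorization server (hypothetical)."""

    def __init__(self):
        self.tokens = {}     # OAuth access token -> set of granted scopes
        self.resources = {}  # resource _id -> registered resource_scopes
        self.tickets = {}    # permission ticket -> requested permission
        self.rpts = {}       # RPT -> list of granted permissions

    def issue_token(self, scopes):
        token = secrets.token_hex(8)  # constructed sample value
        self.tokens[token] = set(scopes)
        return token

    def _require_pat(self, token):
        # Protection API calls need an access token carrying uma_protection.
        if "uma_protection" not in self.tokens.get(token, ()):
            raise PermissionError("invalid_client_scope")

    def register_resource(self, pat, resource_scopes):
        self._require_pat(pat)
        rid = secrets.token_hex(8)
        self.resources[rid] = set(resource_scopes)
        return {"_id": rid}

    def register_permission(self, pat, resource_id, resource_scopes):
        self._require_pat(pat)
        if not set(resource_scopes) <= self.resources[resource_id]:
            raise ValueError("invalid_scope")
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = {"resource_id": resource_id,
                                "resource_scopes": list(resource_scopes)}
        return {"ticket": ticket}  # a request for access, not yet a grant

    def token_request(self, grant_type, ticket):
        # The client redeems the ticket; policy is assumed to approve it.
        if grant_type != UMA_TICKET_GRANT or ticket not in self.tickets:
            raise ValueError("invalid_grant")
        rpt = secrets.token_hex(8)
        self.rpts[rpt] = [self.tickets.pop(ticket)]
        return {"access_token": rpt}

    def introspect(self, pat, token=None):
        self._require_pat(pat)
        perms = self.rpts.get(token)  # only a known RPT carries permissions
        return {"active": perms is not None, "permissions": perms}
```

In this model, calling `introspect` with no token, or with the permission ticket instead of an RPT, returns `active: false` with null permissions.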