Hi,
The resource creation and permission registration works fine now when I give uma_protection as scope in advanced options of OAuth authentication. If I remove the uma_protection scope it will throw the same error again. I'm using Insomnia however I couldn't attach the screenshot of the same. I'm copying the request and response below
curl --request POST \
--url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc/resource_set \
--header 'authorization: Bearer 8bb4d6a8-7a1d-463f-8894-78812f80349a' \
--header 'content-type: application/json' \
--data '{
"resource_scopes":[
"read-public",
"post-updates",
"read-private",
"http://www.example.com/scopes/all"
],
"icon_uri":"http://www.example.com/icons/sharesocial.png",
"name":"Tweedl Social Service",
"type":"http://www.example.com/rsrcs/socialstream/140-compatible",
"exp": 1419356238
}'
Response is
{
"_id": "2bfce16d-5637-4f54-9159-f70127b2c5dc",
"user_access_policy_uri": null
}
Permission Registration
curl --request POST \
--url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc_pr \
--header 'authorization: Bearer a7098077-69f5-4cfa-9a5d-00b299ae4d93' \
--header 'content-type: application/json' \
--data '{
"resource_id":"2bfce16d-5637-4f54-9159-f70127b2c5dc",
"resource_scopes": [
"http://www.example.com/scopes/all",
"post-updates",
"read-public",
"read-private"
]
}'
Response
{
"ticket": "e8d4366f-dd6e-487e-845c-21fa97486ec8"
}
However when I do token introspection it won't list the permissions created
curl --request POST \
--url https://gluu.innovation-poc.com/oxauth/restv1/rpt/status \
--header 'authorization: Bearer 448b2496-a598-4957-925a-1d145e5b4c78'
Response
{
"active": false,
"exp": null,
"iat": null,
"nbf": null,
"permissions": null,
"client_id": null,
"sub": null,
"aud": null,
"iss": null,
"jti": null,
"pct_claims": null
}
Why permissions are empty even though resources are registered. And also is uma_protection scope mandatory for the APIs to work. I'm very sorry I couldn't find any option here to upload the screenshots otherwise I could have