1. posterid:473999
  2. Update a user token scope

Re: Update a user token scope

Paul Bakare
 

Is there a test coverage for User PATCH update?

Couldn't find any at
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java#L233

Steps to replicate:
uaac target http://localhost:8080/uaa
uaac token client get admin -s adminsecret
uaac -t curl -H 'Cookie: JSESSIONID=A1F9D1FDBF7D3EDADE74318EE7666613' -H
"Content-Type: application/json" -X PATCH -d {"emails":[{"value": "
marissa(a)test.org", "primary": true}]}'
http://localhost:8080/uaa/Users/4c7f6709-939e-4d9c-8655-9996b7d69ce6

Token has got the the scim.write scope, but I'm getting a forbidden
error: {"error":"access_denied","error_description":"Access is denied"}

I've exhausted all options and would appreciate some help.

On Tue, Mar 1, 2016 at 5:59 PM, Kayode Odeyemi <dreyemi(a)gmail.com> wrote:

Thanks Chris.

However, my token when decoded, has got "scim.write" scope set:


{"jti":"b4884e49-87a6-47cb-9653-48e41e60e130","sub":"4c7f6709-939e-4d9c-8655-9996b7d69ce6","scope":["scim.read","scim.write","openid","oauth.approvals"],"client_id":"useraccount","cid":"useraccount","azp":"useraccount","user_id":"4c7f6709-939e-4d9c-8655-9996b7d69ce6","user_name":"marissa","email":"
marissa(a)test.org","iat":1436854938,"exp":1436898138,"iss":"
http://localhost:8080/uaa/oauth/token
","aud":["useraccount","scim","openid","oauth"]}

But I still get a 403 Forbidden

On Mon, Feb 22, 2016 at 9:52 AM, Chris De Oliveira <cdutra(a)pivotal.io>
wrote:

Hi Kayode,

If the user is trying to update their own recored you don't need any
particular scope for your client. But if updating other user's record you
need "scim.write".

Sincerely,
Chris Dutra

On Sun, Feb 21, 2016 at 9:36 PM, Kayode Odeyemi <dreyemi(a)gmail.com>
wrote:

Hi,

The docs at
https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#id52 doesn't
define the scope for user update API endpoint.

Can someone assist with this? What's the token scope for a user updating
own User info?

Appreciate your help

?
attachment.html

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.