UAA api /introspect does not seem to be workign as expected #uaa


Shetty, Viraj S [CTR]
 

Hi All, 

We are using UAA version 74.14.0 

We have a UAA installation for our internal applications in cloudfoundry environment. We have been having a problem in verifying the oauth token (JWT token) using the /introspect token, but cannot seem to see the reason. I tried a test using postman. 

1. created a client with authority uaa.resource. See properties below. It has the uaa.resource authority. 

    scope: uaa.none
    resource_ids: none
    authorized_grant_types: client_credentials
    autoapprove:
    access_token_validity: 300
    authorities: uaa.resource

2. Generate a token for a user to test verification. 
3. Using postman, I tried to call /introspect api with the "Authorization: Basic ..." (this is deprecated). But this call worked fine and I was able to see the token in returned json. 
4. Using postman, I tried to call /introspect api with the "Authorization: Bearer {token}". This call failed with an error  

{
    "error""access_denied",
    "error_description""Access is denied"
}

I checked the bearer token and made sure that the scope has uaa.resource in there

"scope": [ "uaa.resource" ],

It looks like the /introspect call succeeds with "Authorization: basic .." but not "Authorization: bearer ..". 

Let me know what I am missing. I followed the API docs and I dont think I am missing any other authorithy for the client. 

Any help is appreciated. 

Thanks,
Viraj 


Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.