Re: UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]


Thanks for your help ! I found what the problem was. 

I ran a local copy of the UAA on my laptop, pointing to the cloud database and ran your testcases; it all worked as expected ! I was able to use the /introspect endpoint with the bearer token. 

So, I started comparing the differences in the uaa.yml file (default and our yaml) and found that the problem was the setting in my uaa.yml file which excluded authorities in the tokens. 

        - authorities

The default uaa.yml had this commented and I just uncommented it while deploying our UAA  When I removed this setting, I am able to use the /introspect with the bearer token. I could also see that the token for the client introspect-test now has the authorities set as below. Looks like the UAA code is looking at "authorities" claim and not the "scope" claim.  Is that expected ?

  "authorities": [
  "scope": [

I am just wondering why that option (exclude authorities) is there in the first place and if removing that option affects
anything else.



Join to automatically receive all group messages.