Clarity api KEY cannot authenticate when switching Bearer Token
Article ID: 254456
Updated On: 05-03-2024
Products
Issue/Introduction
You are using a REST client testing tool like Postman. When switching Bearer Tokens, the server rejects the request with a 401 Unauthorized
The Bearer Token is from a user that has full API access rights in Clarity.
Environment
Release : 16.0.3
Cause
Clarity returns a cookie to the caller. Subsequent requests will send that cookie. The cookie is tied to the user that made the initial request. So if the Bearer Token is changed, the call will fail as the clarity cookie from the previous user is sent.
The following error will appear in the app-ca.log file
ERROR 2022-11-09 09:19:13,679 [http-nio-8080-exec-1309] ppm.rest (clarity:previous.user@example.com:7373213__841724B2-40C5-4B15-B184-6435EA0AB4EB:PPM_REST_API) AuthenticationFilter :: Exception while authenticating user. com.niku.union.security.SecurityException: Access Token does not match with user: previous.user@example.com at com.ca.ppm.rest.security.AccessTokenAuthenticationService.establishSession(AccessTokenAuthenticationService.java:345) at com.ca.ppm.rest.security.AccessTokenAuthenticationService.login(AccessTokenAuthenticationService.java:228) at com.ca.ppm.rest.security.AccessTokenAuthenticationService.login(AccessTokenAuthenticationService.java:268) at com.ca.ppm.rest.security.AuthenticationFilter.doFilter(AuthenticationFilter.java:87
Resolution
Some Rest clients will store a cookie returned by Clarity. If a request is made but the Bearer Token is different, the request will get rejected with a 401
The solution is to clear the cookies before switching the Bearer Token.
Feedback
