search cancel

Clarity api KEY cannot authenticate when switching Bearer Token

book

Article ID: 254456

calendar_today

Updated On:

Products

Clarity PPM SaaS

Issue/Introduction

You are using a REST client testing tool like Postman.  When switching Bearer Tokens, the server rejects the request with a 401 Unauthorized

The Bearer Token is from a user that has full API access rights in Clarity.

 

Environment

Release : 16.0.3

Cause

Clarity returns a cookie to the caller.  Subsequent requests will send that cookie.  The cookie is tied to the user that made the initial request.  So if the Bearer Token is changed, the call will fail as the clarity cookie from the previous user is sent.

The following error will appear in the app-ca.log file

ERROR 2022-11-09 09:19:13,679 [http-nio-8080-exec-1309] ppm.rest (clarity:[email protected]:7373213__841724B2-40C5-4B15-B184-6435EA0AB4EB:PPM_REST_API) AuthenticationFilter :: Exception while authenticating user. com.niku.union.security.SecurityException: Access Token does not match with user: [email protected] at com.ca.ppm.rest.security.AccessTokenAuthenticationService.establishSession(AccessTokenAuthenticationService.java:345) at com.ca.ppm.rest.security.AccessTokenAuthenticationService.login(AccessTokenAuthenticationService.java:228) at com.ca.ppm.rest.security.AccessTokenAuthenticationService.login(AccessTokenAuthenticationService.java:268) at com.ca.ppm.rest.security.AuthenticationFilter.doFilter(AuthenticationFilter.java:87

Resolution

Some Rest clients will store a cookie returned by Clarity.  If a request is made but the Bearer Token is different, the request will get rejected with a 401

The solution is to clear the cookies before switching the Bearer Token.