Scheduler plugin and API does not work with UAA client credential
Article ID: 293430
Updated On:
Products
Operations Manager
Issue/Introduction
When you try to access a scheduler API endpoint with a client_credential token, it may fail with "401 Unauthorized".
For example, suppose the environment variable UAA_ACCESS_TOKEN contains the token retrieved with command, uaac token client get.
However, if a user token is used, access is successful.
For example, suppose the environment variable UAA_ACCESS_TOKEN contains the token retrieved with command, uaac token client get.
$ curl -k -X GET https://scheduler.<system domain>/jobs?space_guid=03dd1810-8118-4375-9d9e-527e476bd18f -H 'Accept: application/json' -H "authorization: $UAA_ACCESS_TOKEN" HTTP/1.1 401 Unauthorized
However, if a user token is used, access is successful.
Resolution
By design, the scheduler API endpoint only accepts a user token. Therefore, a user token is required to post API to the scheduler.
If you do need to use a client token to access the scheduler, please reach out to Solution Engineer on your VMware Tanzu account team to discuss possibly submitting a feature request.
If you do need to use a client token to access the scheduler, please reach out to Solution Engineer on your VMware Tanzu account team to discuss possibly submitting a feature request.
Feedback
Yes
No
Powered by
