When running VIP Authentication Hub, and authenticating using the client API to manage the application, then the account doesn't get the priviledges in the access_token.

  POST http://{{sspHost}}/{{apiPathTenant}}/auth/v1/authenticate

  {
    "subject": "<user>",
    "channel": "web",
    "ipAddress": "10.10.123.124",
    "action":"authenticate", 
    "rememberMe" : true
  }

  "errorCode": "0000007",
  "errorMessage": "Unprivileged access token, cannot authorize the request with the given access token"
  

  VIP Authentication Hub 2.2.5;

The client/app should be granted the scope 't.authenticate' (1).

Check by calling GET to '/admin/v1/AuthZPolicies' and checking the apps in 'AuthClientPolicy' policy (2).

Use POST to '/admin/v1/AdminRolesDelegator' to add the new app to the AuthClientPolicy to resolve this issue (2).

1. Authentication Client
   
   
2. Example of Authorization APIs