Unprivileged access token in VIP Authentication Hub
search cancel

Unprivileged access token in VIP Authentication Hub

book

Article ID: 367405

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction


When running VIP Authentication Hub, and authenticating using the client API to manage the application, then the account doesn't get the priviledges in the access_token.

  POST http://{{sspHost}}/{{apiPathTenant}}/auth/v1/authenticate

  {
    "subject": "bleuser09",
    "channel": "web",
    "ipAddress": "10.10.123.124",
    "action":"authenticate", 
    "rememberMe" : true
  }

  "errorCode": "0000007",
  "errorMessage": "Unprivileged access token, cannot authorize the request with the given access token"
  

Environment

 

  VIP Authentication Hub 2.2.5;

 

Resolution


The client/app should be granted the scope 't.authenticate' (1).

Check by calling GET to '/admin/v1/AuthZPolicies' and checking the apps in 'AuthClientPolicy' policy (2).

Use POST to '/admin/v1/AdminRolesDelegator' to add the new app to the AuthClientPolicy to resolve this issue (2).

 

Additional Information