Got 403 when requesting /connections

yuzhang · January 28, 2021, 1:35am

We repeatedly get a list of connection from api/v2/connections since a long ago, but recently it started to fail. Can someone help figure out what’s happening?

It returned {
“statusCode”: 403,
“error”: “Forbidden”,
“message”: “Insufficient scope, expected any of: read:connections”,
“errorCode”: “insufficient_scope”
}

sidharth.chaudhary · January 28, 2021, 5:14am

Hey @yuzhang ,

The Access token used to get the connections using the api/v2/connections emdpoint seems to be missing the read:connections scope, can you grab the Access token from the request Authorization header and check on jwt.io, Also how do you issue access tokens for your api/v2/connections calls?

Regards,
Sid

yuzhang · January 28, 2021, 7:02pm

thank you for the reply Sid @sidharth.chaudhary , I checked on jwt and got:
{
“aud”: “dEFWoP9SqRspFXXtVj4ExMD9P4y5Ge5e”,
“scopes”: {
“logs”: {
“actions”: [
“read”
]
}
},
“iat”: 1467926079,
“jti”: “d4bbe9c2e27b7475d98e3380787d0360”
}

still trying to figure out how we issued that, but what confused me is it worked well previously (~3yr), why did it stop working recently?

Yu

yuzhang · January 29, 2021, 6:05pm

@sidharth.chaudhary hi Sid could you take a look ^

sidharth.chaudhary · February 1, 2021, 3:47am

Hey @yuzhang , this does not seem like a Management API access token, the “aud”,which is short for Audience should be in the format : https://your_tenant_name/api/v2/.

Can you DM me the HAR file or Request/Response dump of the management API call?
Method to get HAR File : Generate and Analyze HAR Files

yuzhang · February 2, 2021, 6:55am

hi @sidharth.chaudhary , I tried some approaches but seems I cannot send you the har since I reproduced that from postman. I wanted to DM you our access token but I can’t because of security concern.
I can provide you our tenant name: purestorage US-1(Prod), and this is the request:
url:
https://purestorage.auth0.com/api/v2/connections

header:
Content-Type: application/json
Authorization: Bearer xxx

body:
{
“strategy”: “samlp”,
“fields”: “name,options”,
“per_page”: 50,
“page”: 1
}

Hope this can help you figure it out! Thank you

Yu

yuzhang · February 2, 2021, 7:06pm

btw do you have more efficient way to communicate? like taking with a support engineer?

yuzhang · February 2, 2021, 9:46pm

nvm I filed a support ticket

konrad.sopala · February 3, 2021, 12:31pm

It will be great if you can share the final solution once you have it for the benefit of others!