Got 403 when requesting /connections

We repeatedly get a list of connection from api/v2/connections since a long ago, but recently it started to fail. Can someone help figure out what’s happening?

It returned {
“statusCode”: 403,
“error”: “Forbidden”,
“message”: “Insufficient scope, expected any of: read:connections”,
“errorCode”: “insufficient_scope”
}

Hey @yuzhang ,

The Access token used to get the connections using the api/v2/connections emdpoint seems to be missing the read:connections scope, can you grab the Access token from the request Authorization header and check on jwt.io, Also how do you issue access tokens for your api/v2/connections calls?

Regards,
Sid

1 Like

thank you for the reply Sid @sidharth.chaudhary , I checked on jwt and got:
{
“aud”: “dEFWoP9SqRspFXXtVj4ExMD9P4y5Ge5e”,
“scopes”: {
“logs”: {
“actions”: [
“read”
]
}
},
“iat”: 1467926079,
“jti”: “d4bbe9c2e27b7475d98e3380787d0360”
}

still trying to figure out how we issued that, but what confused me is it worked well previously (~3yr), why did it stop working recently?

Yu

@sidharth.chaudhary hi Sid could you take a look ^

Hey @yuzhang , this does not seem like a Management API access token, the “aud”,which is short for Audience should be in the format : https://your_tenant_name/api/v2/.

Can you DM me the HAR file or Request/Response dump of the management API call?
Method to get HAR File : https://auth0.com/docs/troubleshoot/har

1 Like

hi @sidharth.chaudhary , I tried some approaches but seems I cannot send you the har since I reproduced that from postman. I wanted to DM you our access token but I can’t because of security concern.
I can provide you our tenant name: purestorage US-1(Prod), and this is the request:
url:
https://purestorage.auth0.com/api/v2/connections

header:
Content-Type: application/json
Authorization: Bearer xxx

body:
{
“strategy”: “samlp”,
“fields”: “name,options”,
“per_page”: 50,
“page”: 1
}

Hope this can help you figure it out! Thank you

Yu

btw do you have more efficient way to communicate? like taking with a support engineer?

nvm I filed a support ticket

1 Like

It will be great if you can share the final solution once you have it for the benefit of others!