Got 403 when requesting /connections

yuzhang · January 28, 2021, 1:35am

We repeatedly get a list of connection from api/v2/connections since a long ago, but recently it started to fail. Can someone help figure out what’s happening?

It returned {
“statusCode”: 403,
“error”: “Forbidden”,
“message”: “Insufficient scope, expected any of: read:connections”,
“errorCode”: “insufficient_scope”
}

sidharth.chaudhary · January 28, 2021, 5:14am

Hey @yuzhang ,

The Access token used to get the connections using the api/v2/connections emdpoint seems to be missing the read:connections scope, can you grab the Access token from the request Authorization header and check on jwt.io, Also how do you issue access tokens for your api/v2/connections calls?

Regards,
Sid

yuzhang · January 28, 2021, 7:02pm

thank you for the reply Sid @sidharth.chaudhary , I checked on jwt and got:
{
“aud”: “dEFWoP9SqRspFXXtVj4ExMD9P4y5Ge5e”,
“scopes”: {
“logs”: {
“actions”: [
“read”
]
}
},
“iat”: 1467926079,
“jti”: “d4bbe9c2e27b7475d98e3380787d0360”
}

still trying to figure out how we issued that, but what confused me is it worked well previously (~3yr), why did it stop working recently?

Yu

yuzhang · January 29, 2021, 6:05pm

@sidharth.chaudhary hi Sid could you take a look ^

sidharth.chaudhary · February 1, 2021, 3:47am

Hey @yuzhang , this does not seem like a Management API access token, the “aud”,which is short for Audience should be in the format : https://your_tenant_name/api/v2/.

Can you DM me the HAR file or Request/Response dump of the management API call?
Method to get HAR File : Generate and Analyze HAR Files

yuzhang · February 2, 2021, 6:55am

hi @sidharth.chaudhary , I tried some approaches but seems I cannot send you the har since I reproduced that from postman. I wanted to DM you our access token but I can’t because of security concern.
I can provide you our tenant name: purestorage US-1(Prod), and this is the request:
url:
https://purestorage.auth0.com/api/v2/connections

header:
Content-Type: application/json
Authorization: Bearer xxx

body:
{
“strategy”: “samlp”,
“fields”: “name,options”,
“per_page”: 50,
“page”: 1
}

Hope this can help you figure it out! Thank you

Yu

yuzhang · February 2, 2021, 7:06pm

btw do you have more efficient way to communicate? like taking with a support engineer?

yuzhang · February 2, 2021, 9:46pm

nvm I filed a support ticket

konrad.sopala · February 3, 2021, 12:31pm

It will be great if you can share the final solution once you have it for the benefit of others!

Topic		Replies	Views
Update Callback URL using API Help test , other	2	908	October 10, 2023
Patch user data/ Gain management access_token Help	2	2020	December 21, 2022
Auth0 permissions error: read:user_idp_tokens Help auth0	2	1789	December 22, 2022
Forbidden: Insufficient scope, expected one of: read:users AND read:roles, OR read:role_members Help auth0 , api , rules , management-api , access-token	4	5613	July 28, 2022
Unable to get connections data using management api Help connections , custom-database-connections	1	14	October 29, 2024

Got 403 when requesting /connections

Related Topics