Path error when trying to create (assign) permissions to a user via the management api

spopida · May 4, 2021, 3:20pm

Hi - I’m getting the following 400 error when attempting to assign permissions to a recently created user:

{
“statusCode”: 400,
“error”: “Bad Request”,
“message”: “Path validation error: ‘Object didn’t pass validation for format user-id-with-max-length: 60911603a5c3a9450ae5aea6’ on property id (ID of the user to assign permissions to).”,
“errorCode”: “invalid_uri”
}

The uri I am using is:

https://<my-tenant-domain/api/v2/users/60911603a5c3a9450ae5aea6/permissions

And the body of the POST is: {“permissions”:[“read:company_profile”]}

What’s going wrong here? I can’t see any documented limit on the user_id length. It’s easily confused with the username attribute, but that can’t be the issue - I am not using username, and the error is complaining about the URI path which contains the user_id, not the username

Thanks in advance

stephanie.chamblee · May 4, 2021, 4:08pm

Hi @spopida,

Welcome to the Community!

The user ID will follow the following pattern <connection name>|<user id in connection>

For example, a Google social connection user would look like this: google-oauth2|115088824167938831773

The pipe (|) will need to be URL encoded: %7C

The endpoint would be: https://YOUR_DOMAIN/api/v2/users/google-oauth2%7C115088824167938831773/permissions

Also, the body of the request should contain an array of objects like this:

{
  "permissions": [{
    "resource_server_identifier": "https://you-api-identifier/",
    "permission_name": "read:company_profile"
  }]
}

spopida · May 4, 2021, 6:50pm

Hi Stephanie - thanks so much for the prompt reply; really helpful. I got most of the way there after posting the question, but I don’t know how long it would have taken me to figure out the URL encoding. Out of interest, is this documented anywhere? I’m sure it must be, but I couldn’t see it in the API docs for this endpoint (e.g. it just says there needs to be an array of “object”). Anyway, thanks again.

stephanie.chamblee · May 4, 2021, 7:09pm

You’re welcome! Glad to hear it is helpful info.

There are a couple of places in the docs where the user ID format is documented (example), but I’m not sure if there is documentation for URL-encoding the user ID when calling the Management API.

Regarding the array of objects, I found the schema by calling the GET /api/v2/users/{id}/permissions endpoint to see what the array of objects should look like. I agree that it could be helpful to include the schema of the objects in the docs directly. I will pass on that feedback. Thank you!

spopida · May 4, 2021, 9:46pm

OK - well, many thanks again for the info - great support.

system · May 19, 2021, 9:47pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.