wso2 API-M : Got 401 Unauthenticated result by using wso2 API-M store rest api

0
votes

Got 401 Unauthenticated result by using wso2 API-M store rest api

Environment :

  • wso2 API-M + wso2 Identity server (Key manager) and they shared the same user store.
  • 2 service providers(publisher and store) and 2 identity providers(Google and Facebook) in the carbon.super tenant.
  • APIM SSO service is enabled and issuer IDs follow above.
  • Enable OAuth2.0 users(Google and Facebook) to login.
  • 3 tenants (carbon.super , TA and TB) in the environment.
  • Publisher SP and Store SP are both in SaaS mode.

referance :

https://docs.wso2.com/display/AM1100/apidocs/store/#!/operations#ApplicationindividualApi#applicationsPost

Step:

1 : Got access token with apim:subscribe scope

2 : Access create application api

Then the response got the 401 error.

APIM server log :

==> ./repository/logs/wso2carbon.log <== 
TID: [-1234] [] [2016-06-20 02:36:54,931] ERROR {org.wso2.carbon.apimgt.rest.api.util.impl.WebAppAuthenticatorImpl} - You cannot access API as scope validation failed {org.wso2.carbon.apimgt.rest.api.util.impl.WebAppAuthenticatorImpl} 

==> ./repository/logs/wso2-apigw-errors.log <== 
2016-06-20 02:36:54,931 [-] [http-nio-9443-exec-20] ERROR WebAppAuthenticatorImpl You cannot access API as scope validation failed
1
wso2wso2iswso2-am
I try to install an independent API-M to test the credential from playground2 and what I test are the following: 1 : Got access token with apim:subscribe scope 2 : Access create application api The result is correct but in the cluster environment is still fail. Can somebody help me to solve it?羊湯姆
I try to login to store via UI and then system will create a default application for me. Then repeat step 1 and use the access token to generate application token successfully via REST API.羊湯姆
Are you using API-M version 1.10 ? Can you login to store UI within cluster environment and generate token ?Dilshani Subasinghe

1 Answers

0
votes

Please check roles and scope available in /_system/config/apimgt/applicationdata/tenant-conf.json file.

Then request token with scopes/roles mentioned there. Then you will get access token with correct scope. Once you got correct token with scope you will not see this error. Please note that tokens with default scope cannot use for REST API functionalities.

Thanks

sanjeewa