Hi All
We have tried wM as the authorization server in API Gateway and it worked fine. We are now trying to set up OAuth2 authentication using an external authorization server, and for that Azure AD is the OAuth provider.
On the Azure side we have set up the app registration, scope and all of that, and when we request a token we see that the token is getting generated.
Hi @parre.abhijith,
I see the only reason for the error is that we have not done the scope mapping.
As you said you have done the scope mapping, I don't see a need to do anything with respect to the dynamic client registration. We need to pass the discovery URL and the rest should get populated.
As I don't have an Azure provider, I will use a local auth server and try to replicate it.
1. Please check that the issuer present in the JWT is the same as the one configured as the authorization server issuer in the Local introspection section. Abhijith: Yes, they are the same.
2. Validate the scope mapping. Abhijith: Yes, the scope is also correct.
3. Ensure the client ID and audience match the JWT and the strategy of the application created. Abhijith: They are matching.
Hi @parre.abhijith,
I created the POC with a local auth server and I can see I am getting the invalid token error in the case when I remove the mapping from the scope.
In your case you are using Azure, so the only point I can think of is some access-related issue at the Azure end when the token is generated.
This token has limited access, maybe because of which it is giving the "token is invalid" error.
Thanks for the response. I have raised a ticket with SAG and it is now solved.
Azure generates JWT tokens even if we select OAuth details. So we had to do the below steps:
In the local introspection we gave the URL of the issuer taken from the token (meaning Azure is giving one introspection URL, but when the token is requested the iss is different, in my case at least).
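The three checks the thread walks through (issuer, audience, scope mapping) can be run against a real token before touching the gateway configuration. The script below is an added example and is not part of the original thread or of the webMethods API Gateway product: it decodes the JWT payload without verifying the signature (the gateway does that against the provider's JWKS) and reports which of the three values disagree with what the gateway is configured with. The tenant ID, audience, scope and the token itself are constructed placeholders; the `iss` mismatch it demonstrates is the one the thread resolves, a token whose `iss` is the `https://sts.windows.net/{tenant}/` form while the discovery document advertises `https://login.microsoftonline.com/{tenant}/v2.0`.

```python
"""Diagnose an "invalid token" at local introspection by comparing the token's
iss / aud / scp claims with the values configured on the gateway side.
The signature is NOT verified here; the gateway verifies it against the
provider's JWKS. Added example, not product code."""
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt(token: str):
    """Return (header, payload) as dicts. Does not verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


def check_token(token, configured_issuer, expected_audience, required_scopes):
    """Return a list of mismatches; an empty list means all three checks pass."""
    _, claims = decode_jwt(token)
    problems = []

    # 1. Issuer must equal the issuer configured in the Local introspection section.
    iss = claims.get("iss")
    if iss != configured_issuer:
        problems.append(
            f"issuer mismatch: token iss={iss!r}, gateway configured {configured_issuer!r}")

    # 2. Audience: aud may be a single string or a list of strings.
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_audience not in auds:
        problems.append(
            f"audience mismatch: token aud={aud!r}, expected {expected_audience!r}")

    # 3. Scope mapping: Azure AD puts delegated scopes in 'scp' (space separated)
    #    and application permissions in 'roles'; treat either as granted.
    granted = set(claims.get("scp", "").split()) | set(claims.get("roles", []))
    missing = set(required_scopes) - granted
    if missing:
        problems.append(
            f"scope mapping: token lacks {sorted(missing)}, granted {sorted(granted)}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a CONSTRUCTED token with a dummy signature for offline testing only."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(claims).encode()),
        b64url_encode(b"dummy-signature"),  # placeholder, never validates
    ])


# Placeholder values; none of these come from the original thread.
TENANT = "00000000-0000-0000-0000-000000000000"
DISCOVERY_ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"  # from the discovery URL
TOKEN_ISSUER = f"https://sts.windows.net/{TENANT}/"                     # what the token carries
AUDIENCE = "api://example-gateway-api"

# Constructed token: correct audience and scopes, but v1-form issuer.
SAMPLE_TOKEN = make_sample_token({
    "iss": TOKEN_ISSUER,
    "aud": AUDIENCE,
    "scp": "read write",
    "exp": 4102444800,
})

if __name__ == "__main__":
    for p in check_token(SAMPLE_TOKEN, DISCOVERY_ISSUER, AUDIENCE, {"read"}):
        print("-", p)
    # Configuring the issuer from the token itself, as the thread did, clears it.
    print("after aligning issuer:",
          check_token(SAMPLE_TOKEN, TOKEN_ISSUER, AUDIENCE, {"read"}))
```

Paste a real access token in place of `SAMPLE_TOKEN` and the values from the gateway's Local introspection and application configuration in place of the placeholders; whichever line it prints is the setting to align. Only `iss` needed changing in the thread's case, which is what the first run reproduces.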