OAuth Authorization with HTTP URL Aliases

Hi,

Did anyone try securing a RESTful API with an OAuth token by configuring HTTP URL Aliases for the API? When I tried to do it, I got the following error message:

403 Forbidden


error=insufficient_scope

error_description=[ISS.0010.8046] Integration Server rejected the request to access this resource. The access token's scope is insufficient to access the resource.

Also, the above error message was expected to be in application/json format; however, it is coming back as text/html. The content type of application/json has been set in the actual API service in the setResponse service.

Any ideas?

Thanks
SS

Hi,

Please check if you added the IS service or package in the scope parameters in the OAuth screen, and also check if the particular client has access to it.

Thanks,
Sathya

Yes, those were accurate. The only challenge with these is when we use a URL alias.

Hi,

Set this property and try.

watt.server.url.alias.partialMatching=true

Thanks,
sathya

Hi,

I am facing a similar issue in a 10.3 server.

I have an OAuth server where I have created a client and a scope and generated tokens.

I am trying to access a resource in my resource server by using OAuth validation from the OAuth server and am receiving a 403 Forbidden error.

I have tried setting the property as well.

watt.server.url.alias.partialMatching=true

Can you share your inputs?

Hi Jacob,

Could you also check on these probable causes for resolving 403 status:

  • The access token was procured for a scope that does not cover the API being accessed.
  • During the phase to provide consent, the user that provided the consent is not the resource owner or owner of the API being accessed.
  • The access token expired or is not valid to access the resource any longer.
  • The authorization server revoked access privileges to a particular resource.

Please let us know how it goes.

HTH,
RMG

I had the same error as well. Folders and Services in the Defined Scope was the issue. You need to make sure the URL resource is specified within it. For example, if the REST endpoint defined is “http://:/restv2/MyPaper”, you need to add MyPaper within the Folders and Services of the Defined Scope.