kellcomnet | 2018-06-12 20:19:51 UTC | #1
The following put fails with "message": "Client roles must not exceed the creating user", but as you can see on the Get ME call I have the role I am trying to assign to the oauth client.
PUT /api/v2/oauth/clients/3d1379f9-2216-4fca-8f43-bda768d4b3cc
{ "name": "AVDS_Support", "accessTokenValiditySeconds": 86400, "registeredRedirectUri": [], "secret": "[Really??!?!]", "roleIds": [ "d5a59f69-46ea-4ddb-99b9-186e6335d909", "6c383e72-7840-4223-ae57-95fe41a276dd" ], "dateCreated": "2018-03-13T18:01:21Z", "dateModified": "2018-03-13T18:01:21Z", "authorizedGrantType": "CLIENT-CREDENTIALS", "organizationId": "1be475f8-2730-4c31-8a09-70bb1f30001c", "authorizedGrantTypes": [ "CLIENT-CREDENTIALS" ], "modifiedById": "ccdf116b-2335-4879-a200-a7c7427ee405", "createdById": "ccdf116b-2335-4879-a200-a7c7427ee405", "selfUri": "/api/v2/oauth/clients/3d1379f9-2216-4fca-8f43-bda768d4b3cc" }
GET /api/v2/users/me?expand=authorization
{ "name": "Chris Kelly", "state": "active", "title": "Application Developer", "authorization": { "roles": [ { "id": "d5a59f69-46ea-4ddb-99b9-186e6335d909", "name": "AVDS_Support" }, { "id": "6c383e72-7840-4223-ae57-95fe41a276dd", "name": "Master Admin" }, { "id": "fb80900e-deb7-4f50-9e3c-275f8810a588", "name": "admin" } ], } }
kellcomnet | 2018-06-12 22:03:03 UTC | #2
FYI this was because the role was granted to the group instead to me specifically. Once I went back and added my individual user to the OrgTrust and granted the same roles it worked. This seems like a bug to me, in that the group role was not honored on the permission check.
tim.smith | 2018-06-13 17:41:56 UTC | #3
API-3466 has been created to check for derived permissions. Thanks for reporting!
system | 2018-07-14 17:41:57 UTC | #4
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 2998