on 11-20-2014 8:24 AM
Hi All,
I have written Java code which POSTs parameters - client_id, client_secret, grant_type, assertion, $format to "/api/v1/auth/token".
This is based on the OAuth2.0 token mechanism explained in JAM developer guide - http://help.sap.com/download/documentation/sapjam/developer/index.html#auth/concepts/SAMLOptionsForS...
But when I do the POST to this URL, it returns an invalid_scope error in the response body (HTTP code 400).
Any idea how to get around this issue?
Thanks,
Mahesh
Hi Mahesh,
There is no scope request parameter needed. It is hard to know precisely what the issue is without a trace of your call, such as the one provided, for example, by Fiddler. For example, here is a call that I made, traced through Fiddler, showing how this flow works. My suspicion is that you may have a typo in the grant_type parameter, which should be urn:ietf:params:oauth:grant-type:saml2-bearer with the colons escaped as below.
The HTTP request:
POST https://jamN.sapjam.com/api/v1/auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Java/1.7.0_45
Host: jamN.sapjam.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 3202
client_id=i7Gb...x8D3vZ4&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&assertion=PEFzc...W9uPg%3D%3D
The HTTP response:
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2014 22:13:44 GMT
Server: Apache
ETag: "f5caac8abf77eeb7cff782242d8d0f31"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 54ffb30f21bf2258e0f1607b5124da08
X-Runtime: 0.247811
X-Rack-Cache: invalidate, pass
Status: 200 OK
Vary: Accept-Encoding
Connection: close
Content-Type: application/json; charset=utf-8
Content-Length: 59
{"access_token":"As3Uv...hVMswcBV"}
Thanks,
Bo
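An added example, not code from this thread or from the SAP Jam documentation: one way to build in Java the form body shown in the trace above, so that the grant_type colons and the base64 assertion are percent-encoded. The class name, client id and assertion XML are constructed placeholders, and standard base64 is assumed from the `%3D%3D` padding visible in the trace.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class SamlBearerTokenRequest {
    // Grant type exactly as given in the reply above; a typo here is the suspected failure.
    static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";

    // Builds the application/x-www-form-urlencoded body, percent-encoding every value.
    static String buildBody(String clientId, String samlAssertionXml)
            throws UnsupportedEncodingException {
        // The assertion travels as base64; its '+', '/' and '=' must then be URL-encoded,
        // otherwise '+' is decoded as a space and the assertion arrives corrupted.
        String b64 = Base64.getEncoder()
                .encodeToString(samlAssertionXml.getBytes(StandardCharsets.UTF_8));
        Map<String, String> params = new LinkedHashMap<>();
        params.put("client_id", clientId);
        params.put("grant_type", GRANT_TYPE);
        params.put("assertion", b64);
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (body.length() > 0) body.append('&');
            body.append(URLEncoder.encode(e.getKey(), "UTF-8"))
                .append('=')
                .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholders, not real credentials or a real signed assertion.
        String body = buildBody("EXAMPLE_CLIENT_ID",
                "<Assertion>constructed sample, not a signed assertion</Assertion>");
        System.out.println(body);
        // Self-check: decode each pair as a server would and confirm grant_type survives.
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            String value = URLDecoder.decode(kv[1], "UTF-8");
            if (kv[0].equals("grant_type") && !value.equals(GRANT_TYPE)) {
                throw new IllegalStateException("grant_type corrupted: " + value);
            }
        }
    }
}
```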
Based on my analysis, /api/v1/auth/token destination in JAM should have an OAuth scope defined. This needs to be passed with the POST request as parameter - "scope".
Any idea what this parameter would be?