403 'Missing General Scope' returned while trying to access Jazz application via direct client using a Bearer token
Using CLM 6.0.6 with a Jazz authorization server (JAS).
We have developed a third-party RM provider and registered it with JAS. All the Jazz applications and our application work as expected: one needs to sign on only once, and the browser never asks for the login again.
After a successful login, every application gets an access token. Later on, for direct data access (REST API call) from server A to server B (both registered with the same JAS), this access token can be used in the Authorization header, like Authorization: Bearer sdf78ui.
When we try to access a Jazz application's data directly using our access token in the Authorization header, we get a 403 Forbidden error. The detailed error message is as follows:
Can somebody help with what we are missing here?
One answer
This problem is resolved. On an unauthenticated request to our resource, we were sending a redirect to the JAS. During that redirect, we were supposed to define the proper scope; 'openid profile email general' made things work in our case.
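As an added illustration of the fix described in the answer (not code from the poster or from Jazz/JAS), the snippet below builds the authorization redirect an RM provider sends to JAS with the full scope set, and checks a token's granted scopes for the 'general' scope before calling a downstream Jazz application. The /authorize path, client id and hostnames are assumed placeholders; the parameter names are the standard OAuth 2.0 / OpenID Connect ones.

```python
"""Authorization redirect with the right scopes, plus a pre-flight scope check.

Added example; the JAS endpoint path, client id and hostnames below are
placeholders, not values taken from the original post.
"""
from urllib.parse import urlencode, urlparse, parse_qs

# Scope set the answer reports as working. 'general' is the one the Jazz
# application checks; a token without it is rejected with
# 403 'Missing General Scope' even though the user is authenticated.
REQUIRED_SCOPES = ("openid", "profile", "email", "general")


def build_authorize_url(jas_base, client_id, redirect_uri, state,
                        scopes=REQUIRED_SCOPES):
    """Return the redirect URL sent to JAS on an unauthenticated request.

    '/authorize' is an assumed endpoint path. The scope value is
    space-separated as RFC 6749 section 3.3 requires; 'state' ties the
    callback to this login attempt.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"{jas_base.rstrip('/')}/authorize?{urlencode(params)}"


def scopes_in_url(url):
    """Parse the scope list back out of an authorization URL (for checks)."""
    return parse_qs(urlparse(url).query)["scope"][0].split()


def missing_scopes(granted_scope, required=REQUIRED_SCOPES):
    """Compare the scope string that came back with a token (or from token
    introspection) against what the downstream Jazz application needs.
    A non-empty result predicts a 403 before the server-to-server call."""
    granted = set(granted_scope.split())
    return [s for s in required if s not in granted]


if __name__ == "__main__":
    url = build_authorize_url("https://jas.example.com", "rm-provider",
                              "https://rm.example.com/oauth/callback", "abc123")
    print(url)
    # The original redirect omitted 'general', which is what produced the 403.
    print("missing:", missing_scopes("openid profile email"))
```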
Comments
If I query my application's registration from JAS, I get the following data along with some other information.