Updating an OAuth client fails with Incorrect Error Message

The following PUT fails with "message": "Client roles must not exceed the creating user", but as you can see in the GET me call, I have the role I am trying to assign to the OAuth client.

PUT /api/v2/oauth/clients/3d1379f9-2216-4fca-8f43-bda768d4b3cc

{
    "name": "AVDS_Support",
    "accessTokenValiditySeconds": 86400,
    "registeredRedirectUri": [],
    "secret": "[Really??!?!]",
    "roleIds": [
        "d5a59f69-46ea-4ddb-99b9-186e6335d909",
        "6c383e72-7840-4223-ae57-95fe41a276dd"
    ],
    "dateCreated": "2018-03-13T18:01:21Z",
    "dateModified": "2018-03-13T18:01:21Z",
    "authorizedGrantType": "CLIENT-CREDENTIALS",
    "organizationId": "1be475f8-2730-4c31-8a09-70bb1f30001c",
    "authorizedGrantTypes": [
        "CLIENT-CREDENTIALS"
    ],
    "modifiedById": "ccdf116b-2335-4879-a200-a7c7427ee405",
    "createdById": "ccdf116b-2335-4879-a200-a7c7427ee405",
    "selfUri": "/api/v2/oauth/clients/3d1379f9-2216-4fca-8f43-bda768d4b3cc"
}

GET /api/v2/users/me?expand=authorization

{
    "name": "Chris Kelly",
    "state": "active",
    "title": "Application Developer",
    "authorization": {
        "roles": [
            {
                "id": "d5a59f69-46ea-4ddb-99b9-186e6335d909",
                "name": "AVDS_Support"
            },
            {
                "id": "6c383e72-7840-4223-ae57-95fe41a276dd",
                "name": "Master Admin"
            },
            {
                "id": "fb80900e-deb7-4f50-9e3c-275f8810a588",
                "name": "admin"
            }
        ]
    }
}

FYI, this was because the role was granted to the group instead of to me specifically. Once I went back and added my individual user to the OrgTrust and granted the same roles, it worked. This seems like a bug to me, in that the group role was not honored on the permission check.

API-3466 has been created to check for derived permissions. Thanks for reporting!
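The check behind the error message, as an added example that is not part of the thread and not the platform's implementation: it compares the requested `roleIds` against the caller's roles twice, once counting only direct grants and once including group-derived ones. The `Principal` model, the function names, the group ID and the split between direct and group grants are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    """Constructed model of a user: roles granted directly and group memberships."""
    direct_roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)

def effective_roles(user, group_roles):
    """Direct roles plus every role inherited from the user's groups."""
    roles = set(user.direct_roles)
    for group_id in user.groups:
        roles |= group_roles.get(group_id, set())
    return roles

def excess_roles(requested, user, group_roles, honor_groups):
    """Return the requested role IDs the user does not hold (empty set = allowed)."""
    held = effective_roles(user, group_roles) if honor_groups else set(user.direct_roles)
    return set(requested) - held

# Role IDs are the ones in the thread; which grant is direct and which comes
# from a group is a constructed assumption, as is the group ID.
AVDS_SUPPORT = "d5a59f69-46ea-4ddb-99b9-186e6335d909"
MASTER_ADMIN = "6c383e72-7840-4223-ae57-95fe41a276dd"
ADMIN = "fb80900e-deb7-4f50-9e3c-275f8810a588"
GROUP_ROLES = {"hypothetical-trust-group": {AVDS_SUPPORT, MASTER_ADMIN}}
USER = Principal(direct_roles={ADMIN}, groups={"hypothetical-trust-group"})
REQUESTED = [AVDS_SUPPORT, MASTER_ADMIN]  # roleIds from the PUT body

def decide(requested, honor_groups):
    """Mimic the API outcome: 'ok' or the error text quoted in the thread."""
    extra = excess_roles(requested, USER, GROUP_ROLES, honor_groups)
    return "ok" if not extra else "Client roles must not exceed the creating user"

if __name__ == "__main__":
    print("direct-only check:", decide(REQUESTED, honor_groups=False))
    print("derived check:    ", decide(REQUESTED, honor_groups=True))
    print("unheld role:      ", decide(["constructed-unheld-role"], honor_groups=True))
```

Honoring derived roles only widens the set the caller is compared against; a role the caller holds neither directly nor through a group is still rejected.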
