IBM Security Verify


OAuthMappingExtUtils.getTokens returns empty array

  • 1.  OAuthMappingExtUtils.getTokens returns empty array

    Posted Fri October 29, 2021 04:59 AM
    Hi,

    I can't understand why OAuthMappingExtUtils.getTokens always returns an empty array. At the customer, the token counter grows and limit_oauth_grants_per_user_per_client works fine. Each time I get an access token (using the client credentials flow), the "Current number of grants for ..." counter increases. But in the lab it stays 0. So I found out that OAuthMappingExtUtils.getTokens in the lab always returns an empty array. I double-checked that the settings of the Definition are identical. The preToken/postToken mapping rules are the same. But in AAC->Grants in the lab I see an empty list of grants for a client, and at the customer I see a list of grants there.
    What are the possible reasons that a list of grants stays empty even if a client gets tokens?

    ------------------------------

    Best Regards
    Ivan Yartsev
    ------------------------------


  • 2.  RE: OAuthMappingExtUtils.getTokens returns empty array

    Posted Wed December 01, 2021 06:06 AM
    Hi Ivan,

    What OAuth grant type flow is the customer using to get Access Tokens?  The per-user-per-client functionality implies that they are using a flow that authenticates a user and obtains a delegated token (e.g. Authorization Code flow or ROPC flow).  The client_credentials flow you are using doesn't involve a client authentication and so perhaps that doesn't save the tokens in the same way?

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------