Testing the audience policy with cURL
To confirm that you successfully completed the previous task, test the audience policy with cURL.
Steps
- To test that an access token without a specific audience value is rejected, run the following.
curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'
Result:
If the audience policy was created successfully, the request is rejected with the following response.
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"403","scimType": "invalid_token","detail":"The access token was issued for a different audience."}
- To test that an access token with an audience value of https://example.com is accepted, run the following.
curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1", "aud": "https://example.com"}'
Result:
If the audience policy was created successfully, the request is accepted and returns the following response.
{"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users", "location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"}, "schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}