PingAuthorize

Testing the audience policy with cURL

To confirm that you successfully completed the previous task, test the audience policy with cURL.

Steps

  1. To test that an access token without a specific audience value is rejected, run the following.

    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'

    Result:

    If the audience policy was created successfully, the request is rejected with the following response.

    {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"403","scimType":
    "invalid_token","detail":"The access token was issued for a different audience."}

  2. To test that an access token with an audience value of https://example.com is accepted, run the following.

    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1", "aud": "https://example.com"}'

    Result:

    If the audience policy was created successfully, the request is accepted with the following response.

    {"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users",
    "location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"},
    "schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}
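
The two checks above as a repeatable script, added here as an example (it is not part of the PingAuthorize documentation). The function names and the `BASE_URL` and `RUN_LIVE` variables are assumptions of this example; the requests, tokens and expected responses are the ones shown in the steps.

```bash
#!/usr/bin/env bash
# Added example: repeat the two audience-policy checks from the steps above.
# BASE_URL, RUN_LIVE and all function names are assumptions of this example.
BASE_URL="${BASE_URL:-https://localhost:7443}"

# Build the JSON bearer token from the steps; $1 is an optional "aud" value.
make_token() {
  token='{"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"'
  if [ -n "${1:-}" ]; then
    token="$token, \"aud\": \"$1\""
  fi
  printf '%s}\n' "$token"
}

# GET /scim/v2/Me with that token. --insecure (as in the steps) skips TLS
# certificate verification, so use it only against a local test instance.
request_me() {
  curl --insecure --silent -X GET "$BASE_URL/scim/v2/Me" \
    -H "Authorization: Bearer $(make_token "${1:-}")"
}

# Classify a response body. A rejection counts only when the detail text names
# the audience, so a 403 raised for some other reason is reported as unexpected.
classify_response() {
  body=$(printf '%s' "$1" | tr -d '\n')
  if printf '%s' "$body" | grep -Eq '"scimType"[[:space:]]*:[[:space:]]*"invalid_token"' &&
     printf '%s' "$body" | grep -Fq 'issued for a different audience'; then
    echo rejected-audience
  elif printf '%s' "$body" | grep -Eq '"resourceType"[[:space:]]*:[[:space:]]*"Users"'; then
    echo accepted
  else
    echo unexpected
  fi
}

# Run both steps against a live server and report any mismatch.
run_checks() {
  rc=0
  if [ "$(classify_response "$(request_me)")" != rejected-audience ]; then
    echo "FAIL: token without aud was not rejected for its audience" >&2; rc=1
  fi
  if [ "$(classify_response "$(request_me "https://example.com")")" != accepted ]; then
    echo "FAIL: token with aud https://example.com was not accepted" >&2; rc=1
  fi
  return "$rc"
}

# Contact the server only when asked: RUN_LIVE=1 bash check_audience.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then run_checks; fi
```

With `RUN_LIVE=1` the script exits non-zero if either step does not return the expected response, which makes it usable as a regression check after policy changes.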