Testing the client policy with cURL
To confirm that you successfully completed the tasks from the previous section, test the client policy with cURL.
About this task
After completing the tasks in the previous sections, test the responses you receive for access tokens for any client other than client1 or client2.
Steps
- To test that an access token for any client other than client1 or client2 is rejected, run the following:
curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "nonexistent.client"}'
Result:
Successful completion of the tasks in the previous sections will result in the following response.
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"401","scimType":"The client is not authorized to request this resource.","detail":"unauthorized_client"}
- To test that an access token for client1 is accepted, run the following:
curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'
Result:
Successful completion of the tasks in the previous sections will result in the following response.
{"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users","location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"},"schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}