Testing the audience policy with cURL - PingAuthorize - 9.1

PingAuthorize

bundle
pingauthorize-91
ft:publication_title
PingAuthorize
Product_Version_ce
PingAuthorize 9.1
category
ContentType
Product
Productdocumentation
paz-91
pingauthorize
ContentType_ce
Product documentation

Test the audience policy with cURL.

  1. To test that an access token without a specific audience value is rejected, run the following.
    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'
    Successful creation of the audience policy will result in the following.
    {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"403","scimType":
    "invalid_token","detail":"The access token was issued for a different audience."}
  2. To test that an access token with an audience value of https://example.com is accepted, run the following.
    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1", "aud": "https://example.com"}'
    Successful creation of the audience policy will result in the following.
    
    {"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users",
    "location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"},
    "schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}