Testing the audience policy with cURL - PingAuthorize

Testing the audience policy with cURL - PingAuthorize - 9.2

PingAuthorize

bundle

pingauthorize-92

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.2

category

ContentType

Product

Productdocumentation

paz-92

pingauthorize

ContentType_ce

Product documentation

To confirm that you successfully completed the previous task, test the audience policy with cURL.

To test that an access token without a specific audience value is rejected, run the following.

curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'

Successful creation of the audience policy will result in the following.

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"403","scimType":
"invalid_token","detail":"The access token was issued for a different audience."}

To test that an access token with an audience value of https://example.com is accepted, run the following.

curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1", "aud": "https://example.com"}'

Successful creation of the audience policy will result in the following.


{"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users",
"location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"},
"schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}