After completing the tasks in the previous sections, test the responses you receive for access tokens for any client other than client1 or client2.

  • To test that an access token for any client other than client1 or client2 is rejected, run the following.
    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "nonexistent.client"}'
    
    Successful completion of the tasks in the previous sections will result in the following response.
    {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"401","scimType":"The client is not authorized to request this resource.","detail":"unauthorized_client"}
  • To test that an access token for client1 is accepted, run the following.
    curl --insecure -X GET https://localhost:7443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub": "user.1", "scope": "email", "client_id": "client1"}'
    
    Successful completion of the tasks in the previous sections will result in the following response.
    {"id":"355a133d-58ea-3827-8e8d-b39cf74ddb3e","meta":{"resourceType":"Users","location":"https://localhost:7443/scim/v2/Users/355a133d-58ea-3827-8e8d-b39cf74ddb3e"},"schemas":["urn:pingidentity:schemas:store:2.0:UserStoreAdapter"],"mail":["user.1@example.com"]}