Oracle IDCS - How to authenticate the /admin/v1/users API endpoint

User_Y59QJ Member Posts: 4 Green Ribbon
edited Jan 26, 2022 11:54PM in OCI Security

I'm trying to get a list of users from Oracle IDCS using the /admin/v1/users endpoint but I'm getting access denied:

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error","urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"],"detail":"You are not allowed to perform this action.","status":"401","urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error":{"messageId":"error.identity.User.accessDenied"}}

What I've tried so far:

I got an access_token by calling the /token endpoint via a Client_Credentials login and I'm using this as the bearer token in the Authorization header. I called the /token endpoint using a scope parameter of ```urn:opc:idm:__myscopes__```. The access_token is accepted but I'm getting access denied.

According to my understanding from these docs it seems we can add AppRoles to an Application to give it permissions. I haven't found a way to actually do this though. I wonder if we can add the User Administrator AppRole here to fix the problem?

https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/RequiredRolePerEndpointExt.html
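
An added diagnostic example, not part of the original post and not Oracle's code: it decodes an access token's payload to list the scopes it actually carries and pulls the identifying fields out of the SCIM error quoted above, so the two can be compared. It assumes the access token is a three-part JWT with a `scope` claim; the sample token and its scope names are constructed placeholders.

```python
import base64
import json

# Error body exactly as quoted in the post above.
SCIM_ERROR = ('{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error",'
              '"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"],'
              '"detail":"You are not allowed to perform this action.","status":"401",'
              '"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error":'
              '{"messageId":"error.identity.User.accessDenied"}}')
IDCS_EXT = "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"


def _b64url(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; token may be opaque")
    return json.loads(_b64url(parts[1]))


def granted_scopes(token: str) -> set:
    """Assumption: scopes sit in a 'scope' claim, space-delimited or a list."""
    scope = jwt_claims(token).get("scope", "")
    return set(scope.split() if isinstance(scope, str) else scope)


def scim_error(body: str) -> dict:
    """Extract the fields of the SCIM error that identify the denial."""
    err = json.loads(body)
    return {"status": err.get("status"), "detail": err.get("detail"),
            "messageId": err.get(IDCS_EXT, {}).get("messageId")}


def sample_token(claims: dict) -> str:
    # Constructed, unsigned token for offline demonstration only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    tok = sample_token({"sub": "example-client", "scope": "example:scope:a example:scope:b"})
    print("scopes in token:", sorted(granted_scopes(tok)))
    print("denial:", scim_error(SCIM_ERROR))
```

Run `granted_scopes()` on the real token locally rather than pasting it into an online decoder, since a bearer token is a live credential until it expires.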