This repository has been archived by the owner on Jul 18, 2023. It is now read-only.

using proxy with postman - Principal is not in an authorized role #51

Closed
imrago-medxnote opened this issue Jan 19, 2022 · 3 comments

@imrago-medxnote

When attempting to use the proxy with Postman to get back a resource from FHIR, I am getting this error:

401

{
    "severity": "error",
    "code": "auth-access",
    "diagnostics": "Principal is not in an authorized role"
}

What could be wrong with the service principal used to access the proxy?

@daemel
Contributor

daemel commented Feb 15, 2022

We need a bit more information to help. We do not want you to post IDs, secrets or tokens, but to start you should take the following steps:

If those roles are missing, you are likely missing this step: https://github.com/microsoft/fhir-proxy/tree/main/scripts#step-3--grant-admin-access-portal

@ACMoretxj

ACMoretxj commented Mar 8, 2022

Hello @daemel, I also got the 401 response, and with the response body:

You do not have permission to view this directory or page.

I've finished step 3. I can get an access token but can't find the Writer and Reader roles inside the token. Here is my request body while getting the token; did I get something wrong?

curl --location --request POST 'https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=${FP-SC-URL}/.default' \
    --data-urlencode 'client_id=${FP-SC-CLIENT-ID}' \
    --data-urlencode 'client_secret=${FP-SC-SECRET}'

@imrago-medxnote
Author

It started to work for me; my error was that when getting the token I used sfp-proxy instead of fpsc-client as client_id.
fpsc_client does have the READER and WRITER roles and it started to work.

@daemel daemel closed this as completed May 16, 2022
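
The check this thread converges on (does the access token carry the reader and writer roles, and which client was it issued to) can be run locally before calling the proxy. This is an added example, not part of the original thread or the fhir-proxy project; the role spellings, client names and sample tokens are constructed assumptions, while `roles`, `appid`/`azp` and `aud` are standard Azure AD access-token claims.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return a JWT's payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, required_roles: set) -> dict:
    """Summarise which client the token was issued to and which required roles it lacks."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])
    if isinstance(roles, str):  # tolerate a single role given as a string
        roles = [roles]
    present = {r.lower() for r in roles}  # case-insensitive: the thread spells the roles both ways
    return {
        "client": claims.get("appid") or claims.get("azp"),  # v1 tokens use appid, v2 use azp
        "audience": claims.get("aud"),
        "roles": sorted(roles),
        "missing": sorted(r for r in required_roles if r.lower() not in present),
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo; the signature part is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


# Constructed samples: a token from a client with no app roles, and one with both roles.
REQUIRED = {"Reader", "Writer"}  # assumed spellings; use the role values your app registration defines
TOKEN_NO_ROLES = _constructed_token({"aud": "constructed-proxy-audience", "azp": "constructed-client-a"})
TOKEN_WITH_ROLES = _constructed_token(
    {"aud": "constructed-proxy-audience", "azp": "constructed-client-b", "roles": ["Reader", "Writer"]}
)

if __name__ == "__main__":
    for name, tok in (("no roles", TOKEN_NO_ROLES), ("with roles", TOKEN_WITH_ROLES)):
        print(name, json.dumps(diagnose(tok, REQUIRED)))
```

A non-empty `missing` list together with an unexpected `client` value points at the token having been requested with the wrong `client_id`. Decode tokens locally rather than pasting them into online tools, since a valid access token is a credential.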