Access denied [Scope validation failed] when API is part of API Product #9766

Open
emiliobristech opened this issue Jan 22, 2021 · 2 comments

emiliobristech commented Jan 22, 2021

Description:

Access denied to a resource with a URL template (i.e. /url/{variable}) in an API Product.

Here are a few more details with print screens: https://stackoverflow.com/questions/65835269/wso2-api-manager-scope-validation-failed

Steps to reproduce:

There are two API resources published:

  1. GET /api/user/{userId}
  2. POST /api/user

Both APIs work with an OAuth2 token if I call them without adding them to an API Product.

When I add those resources to an API Product, resource 1 does not work, throwing the following message:

	<ams:fault
	  xmlns:ams="http://wso2.org/apimanager/security">
	  <ams:code>900910</ams:code>
	  <ams:message>The access token does not allow you to access the requested resource</ams:message>
	  <ams:description>User is NOT authorized to access the Resource: /servico-vault/accounts/{userId}. Scope validation failed.</ams:description>
	</ams:fault>

Resource 2 does work.

I believe there is a bug in resources with a URL template in API Product, since the one without a template does work and the other one with a template does work if it is called directly, outside of the API Product.

Update: If I change the endpoint from GET /api/user/{userId} to GET /api/user/{userId}/list, it does work. It seems that if the URL variable is the last part of the URI, something goes wrong.

Update (2021-02-06): A similar situation also happens in other APIs; when I restart the server the error goes away. There is no exception or message that could help. I believe it is a critical bug because it will make API Product unusable!

Update (2021-04-06): If I delete the API Product and recreate it, sometimes the problem goes away, sometimes other endpoints get into the same situation.

Update (2021-04-09): It doesn't matter what the URL is; this error happens in different scenarios, but the best workaround I found is to create a new version of the API Product whenever it gets updated. Am I doing something wrong? Is there something else in the same situation? Or should API Product not be used?

Affected Product Version:

WSO2AM v3.2.0.

Environment details (with versions):

  • OS: Windows 10
  • Client: Insomnia
  • Env (Docker/K8s): N/A

Optional Fields

Related Issues:

N/A

Suggested Labels:

bug

@emiliobristech

Guys, I believe this error should be treated as critical since it is hard to use API Product in a production environment. This error happens very frequently, and recreating the API Product all the time is not the best solution.

@emiliobristech

@msm1992 could you please check this issue? Thanks
