Eric Broda

Reputation: 7231

hydra - creating policy using curl fails with invalid scope

I have successfully configured ory/hydra OAUTH server and it seems to be working well. However, I am trying to create a policy using "curl" instead of the provided CLI and am running into an error:

{"error":{"code":500,"message":"A validator returned an error: The requested scope is invalid, unknown, or malformed"}}

The error, unfortunately, is not detailed enough to allow me to determine a root cause.

Here is the request that I am issuing via curl:

curl -k -X POST -H "Authorization: bearer aValidBearerToken" \
    -d '{"id":"policy-001", "description":"some description", "subjects":["aValidClient"], "actions":["read"], "effect":"allow", "resources":["aResource"] }' \
    https://localhost:4444/policies

Also, I have verified that I have a valid bearer token.

Any ideas are appreciated!

Upvotes: 0

Views: 197

Answers (1)

Eric Broda

Reputation: 7231

I found out the issue -- as the error message stated, I have an invalid scope, which could only be caused by the bearer token being generated with an invalid scope. Sure enough, I had created the bearer token with the scope

"hydra.clients"

and it should have been:

"hydra hydra.clients"

The added "hydra" allowed the permission to create policies, which was not available with the previously defined scope "hydra.clients" (which only allowed clients to be created).

Upvotes: 1
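Added example (not part of the original question or answer): a way to see which scopes a bearer token is missing before sending the policy request, by reading the `scope` field of an RFC 7662 token introspection response. The two sample responses are constructed, and the required scope `hydra` is taken from the answer above rather than from Hydra's documentation.

```python
import json

# Scope the answer above found necessary for creating policies
# (an assumption taken from that answer, not from Hydra's docs).
REQUIRED_FOR_POLICY_CREATE = {"hydra"}


def granted_scopes(introspection_json):
    """Return the set of scopes of an active token (RFC 7662 response body)."""
    data = json.loads(introspection_json)
    if not data.get("active", False):
        return set()  # an inactive or expired token grants nothing
    # RFC 6749 section 3.3: scope is a space-delimited list of tokens,
    # so split on whitespace and compare whole tokens only.
    return set(data.get("scope", "").split())


def missing_scopes(introspection_json, required):
    """Scopes in `required` that the token was not granted (exact match)."""
    return set(required) - granted_scopes(introspection_json)


# Constructed sample responses modelled on the two tokens in the answer.
TOKEN_BEFORE = '{"active": true, "scope": "hydra.clients"}'
TOKEN_AFTER = '{"active": true, "scope": "hydra hydra.clients"}'

if __name__ == "__main__":
    for label, body in (("before", TOKEN_BEFORE), ("after", TOKEN_AFTER)):
        missing = missing_scopes(body, REQUIRED_FOR_POLICY_CREATE)
        print(label, "missing:", sorted(missing) or "none")
        # A substring test is misleading here: "hydra" is a substring of
        # "hydra.clients", so it reports the scope as present for both tokens.
        print(label, "substring test:", "hydra" in json.loads(body)["scope"])
```
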
