Aman Prakash

Reputation: 370

Token Introspect API not working after changing the regex restriction for username in WSO2 IS 5.9.0?

I am using WSO2 Identity Server with email as the username, following this documentation: https://is.docs.wso2.com/en/5.9.0/learn/using-email-address-as-the-username/

Then, while performing a sign-up, i.e. creating users using the SCIM2 APIs with an email of more than 30 characters, I was getting the following error:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "scimType": "invalidValue",
    "detail": "31301 - Username [email protected] is not valid. User name must be a non null string with following format, ^[\\S]{3,30}$",
    "status": "400"
}

Then, to fix this, I added this regex expression to the user store section of the deployment.toml file:

[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
username_java_regex='^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'

This change fixed my sign-up problem, but the token generated by logging in through the WSO2 /oauth2/token API gives 401 Unauthorized in the /oauth2/introspect API.

Please help.

Upvotes: 0

Views: 416

Answers (1)

Piraveena Paralogarajah

Reputation: 1515

Since you have enabled email as the username, you also need to use the email username in the authorization header. A sample curl command is given below.

curl --location --request POST 'https://{host_name}:{port}/oauth2/introspect' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Authorization: Basic {base64encode(emailusername:password)}' --data-urlencode 'token={access_token}'

Sample request

curl --location --request POST 'https://localhost:9443/oauth2/introspect' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206YWRtaW4=' --data-urlencode 'token=47f65812-c5fb-3f90-b5c0-3bbc3603578f'

The 401 Unauthorized error comes only if you are sending invalid credentials, so please check whether you are sending a valid email username and a valid password in the authorization header.

Upvotes: 1
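
A small diagnostic for the check the answer recommends, as an added example that is not part of the original question or answer: it decodes a Basic Authorization header, confirms that the username part is in the email form required by the pattern from the question's deployment.toml, and rebuilds the header value. The function names are hypothetical, and the credentials are the sample ones from the answer's request.

```python
import base64
import re

# Pattern from the question's deployment.toml (username_java_script_regex).
USERNAME_RE = re.compile(r"^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$")


def build_basic_header(username, password):
    """Return the Authorization header value for HTTP Basic (RFC 7617)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value):
    """Split a Basic header into (username, password)."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Only the first ':' separates the fields; a password may contain ':'.
    username, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded credentials have no ':' separator")
    return username, password


def check_header(value):
    """Return reasons this header would not carry an email-style username."""
    try:
        username, password = decode_basic_header(value)
    except ValueError as exc:  # also covers bad base64 and bad UTF-8
        return [f"malformed header: {exc}"]
    problems = []
    if not USERNAME_RE.fullmatch(username):
        problems.append("username is not in email form")
    if not password:
        problems.append("password is empty")
    return problems


if __name__ == "__main__":
    # Sample header from the answer's request; prints [] when well formed.
    print(check_header("Basic YWRtaW5Ad3NvMi5jb206YWRtaW4="))
```

A header built from a pre-email username such as `admin` is reported as not being in email form, which is the mismatch the answer says to look for before retrying the introspect call.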
