Skip to main content
Solved

Postman query failing with "unauthorized" even though the token is a member of an appropriate group

A
Seasoned

This will take a while to explain...I have Postman connecting to CDF with a “Client Credentials” token
I can then send queries for simple things like inspecting the token. This is what is returned:
{
    "subject": "ce8f2088-da91-4918-a028-372047200451",
    "projects": [
        {
            "projectUrlName": "ra-ftmosaixsandbox",
            "groups": [
                4341646182160549,
                7415122489150445
            ]
        }
    ],
    "capabilities": [
        {
            "groupsAcl": {
                "actions": [
                    "LIST",
                    "READ",
                    "CREATE",
                    "UPDATE",
                    "DELETE"
                ],
                "scope": {
                    "all": {}
                }
            },
            "projectScope": {
                "projects": [
                    "ra-ftmosaixsandbox"
                ]
            }
        },
        {
            "projectsAcl": {
                "actions": [
                    "LIST",
                    "READ",
                    "UPDATE"
                ],
                "scope": {
                    "all": {}
                }
            },
            "projectScope": {
                "projects": [
                    "ra-ftmosaixsandbox"
                ]
            }
        }, . . . . .

Note that it is a member of groups 4341646182160549 and 7415122489150445. The first of these is listed below (this is from CDF “Manage Access” page):

4341646182160549 DEV AAD- SWC_DATA_Cognite_Dev_TenantAdmin groups:listgroups:readgroups:creategroups:updategroups:deleteprojects:listprojects:readprojects:update

 

It is clear that the token should have the “groups:list” capability.

Yet when I run that query in Postman, this is what I get:
{
    "error": {
        "code": 403,
        "message": "Unauthorized"
    }
}

What am I missing? It seems to me that the query should succeed

Thanks
Adrian

Best answer by Adrian Dams

I found the problem. It was the incorrect {{project}} in the url. Changed it to the correct one and it works correctly

View original
Did this topic help you find an answer to your question?

2 replies

A
Seasoned
  • Adrian Dams
  • Author
  • Seasoned
  • 8 replies
  • Answer
  • February 3, 2023

I found the problem. It was the incorrect {{project}} in the url. Changed it to the correct one and it works correctly

C
Seasoned Practitioner
  • Carin Meems
  • Seasoned Practitioner
  • 223 replies
  • February 3, 2023

Hi @Adrian Dams,

Glad to hear you were able to sort this out. 

Enjoy your weekend!

Carin

Reply


Terms & ConditionsCookie Settings

Cookie Policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie Settings