Saviynt Forums

Hi,

We tried the below json and di gives us an 401 error.

{
"authentications": {
"acctAuth": {
"authType": "BasicWithAccessToken",
"url": "https://<URL>/auth/oauth/token ",
"httpMethod": "POST",
"httpParams": {
"company_id": "COM003763",
"grant_type": "urn:iet-type:jwt-bearer",
"assertion": "eyJraWQiOiJlN2M2M2UyNy0zMTNiLTQ5Y2ItYjRiZS00MjI3MWQ1YTAzZmMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJtZXJ2aW4uci1leHRAYWxzdG9tZ3JvdXAuY29tIiwiY29tcGFueV9pZCI6IkNPTTAwMzc2MyIsImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4Njg2IiwicXVpY2tfY29kZSI6IjUxNTgiLCJjbGllbnRfaWQiOiJkZWZhdWx0X2NsaWVudCIsImF1dGhvcml0aWVzIjpbIkE4NyIsIkE0NCIsIkE0NSIsIkE0NiIsIkE0NyIsIkE0OCIsIlIyMCIsIlIyMiIsIlIyNCIsIlIyNyIsIlIyNiIsIlIyOSIsIkE1MCIsIkE1MiIsIkExMSIsIkExMiIsIkExMyIsIkcxMCIsIk0xMSIsIk0xMCIsIlIzMCIsIk0xMyIsIk0xMiIsIlIzMSIsIk0xOCIsIlZJRVdfQ09NUEFOWSIsIkE2MSIsIkE2MiIsIkE2NCIsIkEyMCIsIkE2NSIsIkEyMSIsIkEyMiIsIkE2NiIsIkE2NyIsIkEyMyIsIkE2OCIsIkEyNCIsIkE2OSIsIkEyNSIsIkEyNyIsIkE3MCIsIkE3MSIsIkE3MiIsIkEzMCIsIkE3NSIsIkEzMSIsIkE3NiIsIkEzMiIsIkE3NyIsIkEzMyIsIkE3OCIsIlIxMCIsIlIxMiIsIlIxMSIsIlIxNCIsIlIxMyIsIlIxNiIsIlIxNSIsIlIxOCIsIkE4MCIsIlIxNyIsIkE4MyIsIkE4NCIsIkE0MCIsIkE4NSIsIkE0MSIsIkE0MiJdLCJhdWQiOlsiYXV0aCIsImxlZ2FjeSJdLCJuYmYiOjE3MDUwNDUwNTAsInVzZXJfaWQiOiJDT00wMDM3NjMtVVNSMDAwNDAiLCJyZXN0cmljdGVkIjp0cnVlLCJvcmdhbml6YXRpb25fdHlwZSI6IkhFQURfT0ZGSUNFIiwiZXhwIjoxNzA1MTMxNDUwLCJpYXQiOjE3MDUwNDUwNTB9.VcGofe5NLbrNptLd2LAI7FnfKI5OLyC8A2Zyy5wgPI83L7NHGQ8L8PM_KFBBdzBr0a-zQKbFY4OW-jR1JZbX2toUj2lUqLyq2CsV5BsvO22vSFTpjyZiq4y4q0zl7hfQR-vzYp1d2-3s5ObuoKqND-L30P930VrDHZh-vyE04SFZle_LiGdPHhGnF3benLLAjnK4KUBMNGB0WQQu-7DcJMIJuCJS9juwnfBWKnr5J0NKwsERwUFhx2x0OMirTN_ADNwjqdAA6CzEogJFC9cVUaiwrA5RWQO21GEHJtDcQcui5rZcDJdTypVTpHRwmKMKkFfSBUhoYe3-Jh2XBTVq3w"
},
"httpHeaders": {"Accept": "application/json"},
"properties": {"userName": "xxxxxxxx","password": "xxxxxxxx"},
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [403,401,500],
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer xyz",

"refreshTokenErrorPath": "errorMessage",
"refreshTokenCall": {
"refreshTokenResponsePath": "access_token",
"url": "https://<url>/auth/oauth/token ",
"httpMethod": "POST",
"httpParams": {
"username": "zzzzzzzzz",
"password": "yyyyyyyy",
"grant_type": "password"
},
"httpHeaders": {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic ******"
},

"properties": {"userName": "default_client","password": "spring-security-oauth2-read-write-client-password1234"},
"httpContentType": "application/x-www-form-urlencoded"
}
}
}
}

It would be helpful if you could provide us a sample connection json where they have configured multiple calls to get a final access token. We are not using refresh token in our application.

[This message has been edited by moderator to mask sensitive info]

Hi,

Hi,

Any update on this ?

Hello @yogendragautam ,

Below is the sample, you can use to have multiple call.

{
   "authentications":{
      "userAuth":{
         "authType":"oauth2",
         "url":"https://<domain name>/<<TenantID>>/oauth2/token",
         "httpMethod":"POST",
         "httpParams":{
            "grant_type":"client_credentials",
            "client_secret":"<<ClientSecret>>",
            "client_id":"<<ClientID>>",
            "resource":"https://graph.microsoft.com/"
         },
         "httpHeaders":{
            "contentType":"application/x-www-form-urlencoded"
         },
         "httpContentType":"application/x-www-form-urlencoded",
         "expiryError":"ExpiredAuthenticationToken",
         "authError":[
            "InvalidAuthenticationToken"
         ],
         "timeOutError":"Read timed out",
         "errorPath":"error.code",
         "maxRefreshTryCount":5,
         "tokenResponsePath":"access_token",
         "tokenType":"Bearer",
         "accessToken":"Bearer abc"
      },
      "entAuth":{
         "authType":"oauth2",
         "url":"https://<domain name>/<<TenantID>>/oauth2/token",
         "httpMethod":"POST",
         "httpParams":{
            "grant_type":"client_credentials",
            "client_secret":"<<ClientSecret>>",
            "client_id":"<<ClientID>>",
            "resource":"https://graph.windows.net/"
         },
         "httpHeaders":{
            "contentType":"application/x-www-form-urlencoded"
         },
         "httpContentType":"application/x-www-form-urlencoded",
         "expiryError":"ExpiredAuthenticationToken",
         "authError":[
            "InvalidAuthenticationToken",
            "Authentication_MissingOrMalformed"
         ],
         "timeOutError":"Read timed out",
         "errorPath":"odata~dot#error.code",
         "maxRefreshTryCount":3,
         "tokenResponsePath":"access_token",
         "tokenType":"Bearer",
         "accessToken":"Bearer abcde"
      }
   }
}

 Thanks.

Hi Rushikesh,

You are correct, its multiple calls in the same connection.

I have tried the below approach.

Connection json:

{
    "authentications": {
        "acctAuth": {
            "authType": "oauth2",
            "url": "https://gtqaapi.multibankportal.com/auth/oauth/token",
            "httpMethod": "POST",
            "httpHeaders": {
                "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic *****"
            },
            "httpParams": {
                "username": “ABCD”,
        "password": "******",
        "grant_type": "password"
            },
            "httpContentType": "application/x-www-form-urlencoded",
            "expiryError": "Authentication failed",
            "authError": [
                "HTTP ERROR",
                "USER_AUTHENTICATION_FAILED",
                "PARTNER_AUTHENTICATION_FAILED",
                "Authentication Failed",
                "Authentication failed.",
                "InvalidAuthenticationToken",
                "AuthenticationFailed",
                "invalid_client",
                "Authentication_MissingOrMalformed",
                "Authentication_ExpiredToken",
                "HTTP ERROR: 401",
                "401 Unauthorized",
                "401",
                "403",
                "400"
            ],
            "timeOutError": "Read timed out",
            "errorPath": "errors.message",
            "maxRefreshTryCount": 6,
            "tokenResponsePath": "access_token",
            "accessToken": "eyJraW",
            "retryFailureStatusCode": [
                401,
                400,
                403,
                500
            ]
        }
    }
}

The above JSON generates an access token value.

Next, to use the access token got from the Json above, I have added an logic in the ImportAcctEntJson.

{

   "accountParams":{

      "connection":"acctAuth",

      "processingType":"SequentialAndIterative",

      "deleteLinks":true,

      "call":{

         "call1":{

            "callOrder":0,

              "stageNumber": 0,

            "listField":"content",

            "keyField":"name",

            "http":{

               "url":https://gtqaapi.multibankportal.com/auth/oauth/token,

               "httpMethod":"POST",

               "httpContentType":"application/x-www-form-urlencoded",

                                                          "httpParams":{

                                                                        "grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer",

                                                                        "assertion":"${access_token}",

                                                                        "company_id":"COM003763"

                                                          },

                                                          "httpHeaders":{

                  "Authorization":"Basic ******"

               },

                                               "successResponses": {

        "statusCode": [

          201,

                               200

        ]

      }

            }

         },

                             "call2":{

            "callOrder":1,

              "stageNumber": 1,

            "listField":"content",

            "keyField":"name",

            "http":{

               "url":https://gtqaapi.multibankportal.com/auth/v1/companies/COM003763/users,

               "httpMethod":"GET",

               "httpContentType":"application/json",

               "httpHeaders":{

                  "Authorization":"Bearer ${response.call1.access_token}"

               }

            },

            "colsToPropsMap":{

               "accountID":"userId~#~char",

               "name":"username~#~char"

            },

                                           "successResponses": {

        "statusCode": [

          200,

                               201

        ]

      }

         }

      }

   }

}

In the above Json, call1 is where I have put the logic to make another token API call and I am passing the access token generated by the Connection Json. (Highlighted in Yellow above).

This call works and is generating another larger access token (shown in logs below).

Response:

[headers:[Date: Tue, 16 Jan 2024 11:14:39 GMT, Content-Type: application/json;charset=UTF-8, Transfer-Encoding: chunked, Connection: keep-alive, Vary: Accept-Encoding, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, Strict-Transport-Security: max-age=15724800; includeSubDomains, X-Frame-Options: DENY], responseText:{"access_token":"eyJraWQiOiJlN2M2M2UyNy0zMTNiLTQ5Y2ItYjRiZS00MjI3MWQ1YTAzZmMiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJtZXJ2aW4uci1leHRAYWxzdG9tZ3JvdXAuY29tIiwiY29tcGFueV9pZCI6IkNPTTAwMzc2MyIsImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4Njg2IiwicXVpY2tfY29kZSI6IjUxNTgiLCJjbGllbnRfaWQiOiJkZWZhdWx0X2NsaWVudCIsImF1dGhvcml0aWVzIjpbIkE4NyIsIkE0NCIsIkE0NSIsIkE0NiIsIkE0NyIsIkE0OCIsIlIyMCIsIlIyMiIsIlIyNCIsIlIyNyIsIlIyNiIsIlIyOSIsIkE1MCIsIkE1MiIsIkExMSIsIkExMiIsIkExMyIsIkcxMCIsIk0xMSIsIk0xMCIsIlIzMCIsIk0xMyIsIk0xMiIsIlIzMSIsIk0xOCIsIlZJRVdfQ09NUEFOWSIsIkE2MSIsIkE2MiIsIkE2NCIsIkEyMCIsIkE2NSIsIkEyMSIsIkEyMiIsIkE2NiIsIkE2NyIsIkEyMyIsIkE2OCIsIkEyNCIsIkE2OSIsIkEyNSIsIkEyNyIsIkE3MCIsIkE3MSIsIkE3MiIsIkEzMCIsIkE3NSIsIkEzMSIsIkE3NiIsIkEzMiIsIkE3NyIsIkEzMyIsIkE3OCIsIlIxMCIsIlIxMiIsIlIxMSIsIlIxNCIsIlIxMyIsIlIxNiIsIlIxNSIsIlIxOCIsIkE4MCIsIlIxNyIsIkE4MyIsIkE4NCIsIkE0MCIsIkE4NSIsIkE0MSIsIkE0MiJdLCJhdWQiOlsiYXV0aCIsImxlZ2FjeSJdLCJuYmYiOjE3MDU0MDM2NzksInVzZXJfaWQiOiJDT00wMDM3NjMtVVNSMDAwNDAiLCJyZXN0cmljdGVkIjp0cnVlLCJvcmdhbml6YXRpb25fdHlwZSI6IkhFQURfT0ZGSUNFIiwiZXhwIjoxNzA1NDkwMDc5LCJpYXQiOjE3MDU0MDM2Nzl9.YWchFtsKWCHpJLQRjBlvbMr2UEk6h27oTIYxUfSCnDoH5rYA-dyXatmwZGtreksFKOb9BmrgjQM1XrOos_0Wl8nzIdHsZQPytDRN6j6EOb3TL3JnGfEUJzdDTGDXjwTTUCTEkNTb7zHP6iu_IkCMKofRLW5PKwXqSBrfbNwtG0jYPUhi2uXbKOLiUY7aU-wJwiyPsFsrQufj7tJ__Sn5TEMOkzr--ap1PZJrk1mID3jseS6GShEsFqQRg4o_FPXxNxykbUTpreF8l69Qg6S3mSL3M9a9VUEhwrTwYsLbeaB_WpO0jL1CCrrrA-RgQhpT8dndCvmkt-NSaL1azEs_tw","refresh_token":"LCnYBQzAf01q-3Jft7tzVvAj8YLN390eZDjOGz_Y0_G_flYN1hccHXFdYp-__ZvesfC4shHyY80O3ZQjDJERdjqOKfaS2rVXWR93yg6zqKSuVoHk4noBA0_XcIp1w_9t","token_type":"Bearer","expires_in":86399}, cookies:[], statusCode:200]

2024-01-16/11:14:39.405 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - pullObjectsByRest - responseStatusCode ::200

2024-01-16/11:14:39.405 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Entered getResponseHeaders method

2024-01-16/11:14:39.405 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - responseError : null

2024-01-16/11:14:39.405 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - isAuthError: false

2024-01-16/11:14:39.406 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 4

2024-01-16/11:14:39.406 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : null

2024-01-16/11:14:39.406 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Decrementing connectionParamMap.refreshTryCount : 0

2024-01-16/11:14:39.411 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Inside importAccountsFull:persistAccounts, pptTypeSep : ~#~

2024-01-16/11:14:39.418 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - callStageNumber : null

2024-01-16/11:14:39.418 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - callStageNumber: null

2024-01-16/11:14:39.418 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - stageNumber: null

2024-01-16/11:14:39.418 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - processAccountsFullBySequentialAndIterative - Not Multitrigger call

2024-01-16/11:14:39.418 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Inside processAccountsFinal.

2024-01-16/11:14:39.420 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Inside processAccounts.

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Inside pullObjectsByRest

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestUtilService - Got showLogs = true

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Calling Webservice Url - https://gtqaapi.multibankportal.com/auth/v1/companies/COM003763/users with httpParams - null

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG services.HttpClientUtilityService - isFipsEnabled = false

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null

2024-01-16/11:14:39.496 [{}] [quartzScheduler_Worker-1]  DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.

2024-01-16/11:14:39.559 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestUtilService - Got showLogs = true

2024-01-16/11:14:39.559 [{}] [quartzScheduler_Worker-1]  DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Date: Tue, 16 Jan 2024 11:14:39 GMT, Content-Length: 0, Connection: keep-alive, WWW-Authenticate: Bearer error="invalid_token", error_description="Bearer token is malformed", error_uri=https://tools.ietf.org/html/rfc6750#section-3.1, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, Strict-Transport-Security: max-age=15724800; includeSubDomains, X-Frame-Options: DENY], responseText:, cookies:[], statusCode:401]

I am only stuck at the point on the line Authorization":"Bearer ${response.call1.access_token}" in my Json on how to refer to the access token got in the response.

I have tried the below options as well but they don’t seem to work.

• call1.responseText.access_token
• response.call1.access_token
• call1.response.message.access_token
  • call1.access_token

[This message has been edited by moderator to mask sensitive info]

Hi,

I am just looking for a way to refer to the access_token got as the output of the first call which is a part of the ImportAccJson.

The binding variable to use in the subsequent call is what I am looking for.

Hello @yogendragautam,

Please try with the below sample ,

{
	"accountParams": {
		"connection": "acctAuth",
		"processingType": "SequentialAndIterative",
		"deleteLinks": true,
		"call": {
			"call1": {
				"callOrder": 0,
				"stageNumber": 0,
				"listField": "content",
				"keyField": "name",
				"http": {
					"url": "https://gtqaapi.multibankportal.com/auth/oauth/token",
					"httpMethod": "POST",
					"httpContentType": "application/x-www-form-urlencoded",
					"httpParams": {
						"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
						"assertion": "${access_token}",
						"company_id": "COM003763"
					},
					"httpHeaders": {
						"Authorization": "Basic ******"
					},
					"successResponses": {
						"statusCode": [
							201,
							200
						]
					}
				}
			},
			"call2": {
				"callOrder": 1,
				"stageNumber": 1,
				"listField": "content",
				"keyField": "name",
				"http": {
					"url": "https://gtqaapi.multibankportal.com/auth/v1/companies/COM003763/users",
					"httpMethod": "GET",
					"httpContentType": "application/json",
					"httpHeaders": {
						"Authorization": "Bearer ${response.call1.message.responseText.access_token}"
					}
				},
				"colsToPropsMap": {
					"accountID": "userId~#~char",
					"name": "username~#~char"
				},
				"successResponses": {
					"statusCode": [
						200,
						201
					]
				}
			}
		}
	}
}

Please try with below path as well..
${response.call1.message.responseText.access_token}
${response.call1.message.access_token}
${response.call1.responseText.access_token}

Please try and let us know.

Thanks.

Hi,

I tried all the options suggested above, I still get the same error "Bearer token malformed".

Im sorry but I dint understand your suggestion.

Can you please elaborate ?

Hello @yogendragautam,

You need to pass both API calls in the connection JSON only you cannot pass in the otherjsons.

Can you please clarify on the below scenario.

Scenario 1: Will the call 1 assess token ever expire?

Scenario 2: How can I determine if the first call's token has expired, and what error message distinguishes it from the error message in the second call?

Scenario 3: Upon making the first call and obtaining the access token, utilize it in the second call by passing it as the assertion token for success. In the event of the second call's token expiration, is it possible to reuse the initial access token from the first call, or should it be regenerated in the first call and then passed as the assertion token for the second call?

Thanks.

Hi,

Yes, the call1 accesstoken expires in around 85000 seconds

I will have to configure the Jsons to figure out right on the error of expiration of call1's access token.

If you have a template where I can make 2 calls in a single connection JSON, please share it

I can manage the rest of the things.

The suggestions are taking too long to respond and affecting the clients business, would be great if we have a working suggestion asap.

@yogendragautam - I'm putting a connection json here which having two call as per your requirement. This is working json for me.

I tried tweaking it based on your need/data, do update the json with few more correct data and try.

Few unknown from your questions/snapshots, Kindly fill in below details and try.

- What is the output you get when you make second call? (Put that variable name in the json in place of "sessionid")

- Do you use company id to make second call? If yes, add that in the json.

- What is the error response you get when your access token is null or wrong in second call? (Put those errors with , seperated in place of "refreshTokenAuthError" in the json)

- What is the object name which store error message if you get any while making call? (update that in place of "message"  in the json)

- Add the possible error message from second call in the "authError" of json

I hope this will help you solve your multiple call issue in connection json.

Regards,

Rohit

Hi,

What is the output you get when you make second call? (Put that variable name in the json in place of "sessionid") --> I dont see any sessionid in the json above.

Any updates on this ?

Have you got a solution?