Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

REST API call unable to regenerate the access token

prashanth_sv
New Contributor III
New Contributor III

Hi Team,

We are facing issue in re-generating the token in connection json. We need to manually update the access token from postman.

Attaching the jsons. Tried with refresh token also but unable to refresh the token as there is no error path, where we can detect the token expiry and regenerate the token

Also status code is  200 for all the API calls. So unable to regenerate the access token based on status code.

Error while trying to attempt any operations from IGA we get the same error message as below. Attaching error for addaccess json

Profile":{"headers":{"Server":"Apache-Coyote/1.1","Content-Length":"257","Date":"Thu, 02 Mar 2023 12:42:30 GMT","Content-Type":"text/xml;charset=utf-8"},"message":{"ns0:AddProfileProvisionResponse":{"ns0:Successful":false,"xmlns:ns0":"http://company.com/api/2011/12","ns0:ErrorMessage":"Token is invalid","ns0:LogMessages":""}},"statusCode":200,"description":null,"status":"Failed"}}

Attaching the screenshot of postman of where we are generating the access token. Let us know on how we can achieve to consume the error path to generate the token.

prashanth_sv_0-1677839441409.png

Regards,

Prashanth.s.v

[This post has been edited by a Moderator to remove sensitive information.]

8 REPLIES 8

SB
Saviynt Employee
Saviynt Employee

Can you refer to the below REST connector guide to verify your JSON. Search for "The following tokens are used for OAuth:". The JSON depends on how the access/refresh token is generated (using single url or diff). Please use the example based on the application you are integrating with.

https://docs.saviyntcloud.com/bundle/REST-v2020x/page/Content/Developers-Handbook.htm


Regards,
Sahil

prashanth_sv
New Contributor III
New Contributor III

Hi Sahil,

Thanks for the response, we tried the JSON with refresh token but its not working also as we dont have any refresh token available at application end.

Could you please help us to know how we can detect the authError from below response.

Profile":{"headers":{"Server":"Apache-Coyote/1.1","Content-Length":"257","Date":"Thu, 02 Mar 2023 12:42:30 GMT","Content-Type":"text/xml;charset=utf-8"},"message":{"ns0:AddProfileProvisionResponse":{"ns0:Successful":false,"xmlns:ns0":"http://company.com/api/2011/12","ns0:ErrorMessage":"Token is invalid","ns0:LogMessages":""}},"statusCode":200,"description":null,"status":"Failed"}}

Regards,

Prashanth.s.v

[This post has been edited by a Moderator to remove sensitive information.]

SB
Saviynt Employee
Saviynt Employee

Can you add the below block in your Connection json you shared before (connjsonoauth_rest) and then try

"retryFailureStatusCode": [
401
],


Regards,
Sahil

prashanth_sv
New Contributor III
New Contributor III

Hi Sahil,

We tried this already but the application status code always returns 200 even if its success or failure.

Regards,

Prashanth.s.v

prashanth_sv
New Contributor III
New Contributor III

Hi Sahil, 

The issue is resolved after removing the access_token field explicitly defined in Connection JSON call. Attaching the JSON for reference.

{
"authentications": {
"acctAuth": {
"authType": "BasicWithAccessToken",
"url": "https://company.com/as/token.oauth2?grant_type=client_credentials",
"httpMethod": "POST",
"properties": {
"userName": "apollo_uam_itg_app",
"password": "jzBG"
},
"httpHeaders": {
"contentType": "application/json",
"Authorization": "Basic YXBvbGxvX3c=",
"Cookie":"HPIUID=6S2Cf4yPe2kjM"
},
"httpParams": "{\"client_id\": \"apollo_uam_itg_app\", \"client_secret\": \"jzBG\"}",
"httpContentType": "application/json",
"expiryError": "ExpiredAuthenticationToken",
"retryFailureStatusCode": [
500
],
"authError": ["false","Token is invalid"],
"timeOutError": "Read timed out",
"errorPath": "errors.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer"
}
}
}

Regards,

Prashanth.s.v

[This post has been edited by a Moderator to remove sensitive information.]

Hi Prashath,

 

We are facing a similar kind of issue. grant type is client_credentials and the access token has very short expiry. so it has to get regenerated whenever it gets expired and should get reused in the jsons. We had tried the oauth2. but the access token value is not getting generated. it is taking the value from the connection json where we explicitely mention the token value. In your connection json you have specified username and password, did you use the client secret and id as user name password and used authtype as "basicwithaccesstoken"?

Hi SaraMohanraj,

Yes, we did try that option also but it didn't work, since we dont have refresh token, its difficult to generate the access token automatically. Its better if you can get the refresh token added on the application side if its not present.

We have also raised a ticket and working with Saviynt on this. For now, we are using the above JSON and then updating it in backend using customquery everytime during provisioning.

Regards,

Prashanth.s.v

We are facing similar issue, did it work for you? If yes  can you share the JSON?

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.