Member since Nov 7, 2015
Replies:

David,   

In your example above - does the user 'APIUser' have any other privileges other than those needing to read/write to the underlying database(s) of the namespace the application is tied to? Can you confirm that user does not carry %All?

I'm finding I am missing some permissions, and only users with %All can get to subsequent API calls - but the Security Audit Log does not report any errors - I just get a 401. There is something failing for me in the CSP plumbing which is decrypting the token on the way in and setting up the user context - my dispatch class code is not invoked.

Have you encountered this or have any low-level debugging tips?

Thanks - 

Thanks for this article.
I struggled to discover the RSA public key to add to my IAM Consumer when the OAuth server was an IRIS OAuth Server. This is what I did:

I invoked the IRIS OAuth Server's jwks_uri to retrieve the JWKS in a browser (by default, the URL will typically be the IRIS OAuth Server issuer endpoint followed by /jwks).

You will see a list of keys in the JWKS collection returned. I was after the RSA 256 key; mine was located as the first JSON object in the collection and looked (in my case) something like this (which I abbreviated for this post):

    {
      "kty": "RSA",
      "n": "yxMXj7kZjBiknAboF1uZ4bvMLVXpYlX97BggXWEehrubkMI7XgQuu0NZDngHqkmgdHjpxmFO8BqFBba6ctG7XSgw2JoyCfQ0QLuEF-0d3Lna6tdUR3nTWX...0ajGmjFtzUTI_zGm_Sw",
      "e": "AQAB",
      "alg": "RS256",
      "use": "sig",
      "kid": "17"
    }

I imported this JSON object into a %DynamicObject (represented by the jsonJWK variable below) and called the function to convert this to an RSA public key:

    do ##class(%OAuth2.JWK).RSAJWKtoASN1(jsonJWK,.out)

The variable out, populated by the function above, was the RSA public key I needed to add into IAM.
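
The same JWK-to-public-key conversion can be cross-checked outside IRIS. The following is an added example, not part of the original post and not InterSystems code: it picks the signing key out of a JWKS by `kid` and `use`, then DER-encodes `n` and `e` as a SubjectPublicKeyInfo PEM. It assumes the consumer expects a `BEGIN PUBLIC KEY` PEM block; the function names, the `kid` "16" entry and the modulus bytes are constructed for illustration.

```python
import base64
import textwrap

# DER AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_decode(value):
    """JWK members are unpadded base64url; restore padding before decoding."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def der_tlv(tag, content):
    """Encode one DER tag-length-value, using long-form length above 127 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def der_uint(raw):
    """DER INTEGER from big-endian unsigned bytes (0x00 prefix keeps it positive)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    return der_tlv(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)

def select_signing_key(jwks, kid=None):
    """Return the RSA signature key from a JWKS document, optionally matched by kid."""
    for jwk in jwks["keys"]:
        if jwk.get("kty") == "RSA" and jwk.get("use", "sig") == "sig" and kid in (None, jwk.get("kid")):
            return jwk
    raise KeyError("no matching RSA signing key in JWKS")

def rsa_jwk_to_der(jwk):
    """Build the SubjectPublicKeyInfo DER for an RSA public JWK."""
    if "d" in jwk:
        raise ValueError("JWK carries private key material; refusing to export")
    rsa_key = der_tlv(0x30, der_uint(b64url_decode(jwk["n"])) + der_uint(b64url_decode(jwk["e"])))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def rsa_jwk_to_pem(jwk):
    body = "\n".join(textwrap.wrap(base64.b64encode(rsa_jwk_to_der(jwk)).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed sample: the modulus is filler bytes, not a usable key.
_N = base64.urlsafe_b64encode(b"\xcb" + b"\x11" * 254 + b"\x01").rstrip(b"=").decode()
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "n": _N, "e": "AQAB", "alg": "RSA-OAEP", "use": "enc", "kid": "16"},
    {"kty": "RSA", "n": _N, "e": "AQAB", "alg": "RS256", "use": "sig", "kid": "17"},
]}

if __name__ == "__main__":
    print(rsa_jwk_to_pem(select_signing_key(SAMPLE_JWKS, kid="17")))
```

Selecting by `kid` and `use` rather than by position in the collection keeps the consumer's key correct if the server reorders or rotates its keys.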
