The token provided has insufficient scope [bonus_api] for this request

Cemil · May 23, 2019, 2:27pm

It was my mistake. In SecurityConfig I was trying to check If token had a particular role, group etc.

http.csrf().disable().authorizeRequests()
                    .antMatchers(HttpMethod.POST,"/api/xxxx").hasAuthority(ADMIN_AUTHORITY)
                    .anyRequest().permitAll()
                    .and()
                    .oauth2ResourceServer().jwt();

But when I got token with client credentials there was no role, group etc.

So I changed my code like this and it worked.

http.csrf().disable().authorizeRequests()
                        .antMatchers(HttpMethod.POST,"/api/xxxx").authenticated()
                        .anyRequest().permitAll()
                        .and()
                        .oauth2ResourceServer().jwt();

Post		Replies	Views
API Security; private_key_jwt; one or more scopes are not configured API	2	2591	November 8, 2022
Invalid_scope when trying to get a bearer token via API in Postman API	2	2910	February 13, 2024
Scope issue when authorizing Oauth OAuth/OIDC api , java	2	2670	June 13, 2022
Getting 401 after using access token Questions	5	6438	June 19, 2020
403 error code for bearer token generated with correct scope - Okta.NET SDK OAuth/OIDC o4o	6	111	November 15, 2024

The token provided has insufficient scope [bonus_api] for this request

Related topics