Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New service accounts created with latest frodo-lib's frodo conn save command don't use the fr:am:* scope #397

Closed
vscheuber opened this issue Mar 29, 2024 · 0 comments
Closed

New service accounts created with latest frodo-lib's frodo conn save command don't use the fr:am:* scope #397

vscheuber opened this issue Mar 29, 2024 · 0 comments
Assignees
@vscheuber
Labels
2.0.0 Must fix for 2.0.0 bug Something isn't working

Comments

@vscheuber
Copy link
Contributor

Frodo Library version

Provide output of getVersion or us the CLI to get the version frodo -v

cli: v2.0.0-52
lib: v2.0.0-74
node: v20.5.1

Describe the issue

% frodo conn add https://openam-wf-iga-leap.forgeblocks.com/am first.last@domain.com password
Multi-factor authentication is enabled and required for this user.
Enter verification code: 456155
Connected to https://openam-wf-iga-leap.forgeblocks.com/am [alpha] as user david.lee@forgerock.com
Created and added service account Frodo-SA-1711731020183 with id 75b1e6bb-c594-49be-bf06-593a5b1b4dd0 to profile.
Created log API key 59301a34039a5e6ad581e94a7bc32cf3 and secret.
Saved connection profile https://openam-wf-iga-leap.forgeblocks.com/am

% frodo info leap
Error getting tokens
  Service account login error
  HTTP client error
    Code: ERR_BAD_REQUEST
    Status: 403
    Message: No session for request.

% frodo conn describe leap
Host                 │https://openam-wf-iga-leap.forgeblocks.com/am
Deployment Type      │cloud                                        
Username             │david.lee@forgerock.com                      
Password             │[present]                                    
Log API Key          │1ef037909a66eb311ebe3f85b2bfefe9             
Log API Secret       │[present]                                    
Service Account Name │Frodo-SA-1711731020183                       
Service Account Id   │75b1e6bb-c594-49be-bf06-593a5b1b4dd0         
Service Account JWK  │[present]                                    
Service Account Scope│fr:idc:esv:* fr:idm:*
@vscheuber vscheuber added bug Something isn't working 2.0.0 Must fix for 2.0.0 labels Mar 29, 2024
@vscheuber vscheuber self-assigned this Mar 29, 2024
vscheuber added a commit that referenced this issue Mar 29, 2024
@vscheuber
Merge pull request #398 from vscheuber/main
8c841ef 
fixes #397 - Service accounts now use the proper scopes when created …
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vscheuber vscheuber

Labels
2.0.0 Must fix for 2.0.0 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vscheuber