Postman Error - Refresh Token works, whoami doesn't
I followed Postman with Paul's directions to create my first API. I created environment variables to replace the collection variables.
I can successfully request a new access token and it updates the environment variables correctly.
However, when I run Get WhoAmI, I receive this error:
{
"type": "http://docs.valence.desire2learn.com/res/apiprop.html#invalid-token",
"title": "Unauthorized",
"status": 401,
"detail": "The access token is for another tenant"
}
I've tried both "Bearer Token" and "Inherit auth from parent" for Get WhoAmI's authorization type. WhoAmI's authorization is "Bearer Token" with the Token pointing to {{accesstoken}}. {{accesstoken}} is matching the token received from "Request a New Access Token and Refresh Token".
Any ideas or additional information I can provide to help troubleshoot this issue?
Comments
-
I use Inherit auth from parent for running all API calls in Postman. Under the Authorization for the folder that holds all your commands, are you using:
Auth Type: OAuth 2.0
Grant Type: Authorization Code
Check box for: Authorize Using browser
Auth URL: https://auth.brightspace.com/oauth2/auth
Access Token URL: https://auth.brightspace.com/core/connect/token
Client ID: From your Manage Extensibility OAuth 2.0 setup in D2L.
Client Secret: From your Manage Extensibility OAuth 2.0 setup in D2L.
Scope: I run a lot of APIs, so my Scope list is long and has to match what you have in D2L - content:modules:read content:toc:read core:*:* datasets:bds:read enrollment:orgunit:create enrollment:own_enrollment:read grades:gradeobjects:read,write grades:gradevalues:read organizations:organization:read orgunits:course:create quizzing:quizzes:read role:detail:read users:userdata:create
State: something random
Client Authentication: Send as Basic Auth header
Then I click Get Token at bottom which runs the processes and grants you a token, add the token.
Now under Current Token, you should see Token and a name, the long token ID number and Header Prefix: Bearer.
-
You can paste your token into a token decoder like jwt.io and check which tenant id it's registered for. You can check that against the site you're trying to use it for.
-
@Joseph.W.983 that is cool, I didn't know you could do that. https://jwt.io/
-
When I was playing with Paul's videos, I set my scope up to be core:*:*
-
@Justin.B.253 Initially, I had Auth for WhoAmI as Bearer Token instead of OAuth 2.0, Request a New Access Token as No Auth, and Get WhoAmI as Bearer Token or as Inherit (neither worked).
I set WhoAmI as OAuth 2.0 and filled it out.
When setting Request a New Access Token to Inherit, I receive the error
{
"error": "unauthorized_client",
"error_description": "Unexpected Authorization scheme of "Bearer"",
"rfc6749_reference": "2.3.1, 4.1.2.1"
}
Get WhoAmI returns the same error.
For Authorization under WhoAmI I have:
Auth Type: OAuth 2.0
Add auth data to: Request Headers
Token: used to populate {{accesstoken}} and {{refreshtoken}} environment variables
Header Prefix: Bearer
Auto-refresh token: ON
Share Token: OFF
Grant Type: authorization code
Callback url: autofilled as https://oauth.pstmn.io/v1/callback; authorize using browser is checked (and logs in successfully)
Auth URL: https://auth.brightspace.com/oauth2/auth
Access Token URL: https://auth.brightspace.com/core/connect/token
Client ID: (matches Manage Extensibility OAuth 2.0 setup)
Client secret: (Manage Extensibility OAuth 2.0 setup)
Scope: core:*:* users:*:*
State: (random number)
Client Authentication: Send as Basic Auth Header
Thank you! When I paste in the access token, it says "invalid signature". I have the algorithm set to RS256; is that correct/does it matter?
The "azp" does match my client_id
-
After logging into D2L, open a new tab and paste this into your browser -
https://your-org/d2l/api/lp/1.46/users/whoami
Replace your-org with yours obviously, do you get results? If you do, then something is still incorrect in your Postman settings. I'd be happy to set up a Zoom call if you are interested. Send me an email: justinbamberg@delta.edu
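
The tenant check suggested in the thread (decode the token and compare its tenant and "azp" against the site and client you expect) can also be done locally. This is an added example, not part of any comment above or of D2L's own tooling. It reads the claims without verifying the signature, which needs no signing key. The claim name "tenantid", the sample token and all IDs in it are assumptions constructed for illustration.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_unverified(token):
    """Return (header, claims) of a compact JWT WITHOUT checking its signature."""
    token = token.strip()
    if token.lower().startswith("bearer "):   # tolerate a pasted header value
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments (header.payload.signature)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def diagnose(token, expected_tenant, expected_client_id,
             tenant_claim="tenantid", now=None):
    """List claim mismatches that could explain a 401 for this token.

    tenant_claim is an assumed claim name; adjust it to what the decoded
    payload of your own token actually contains.
    """
    _, claims = decode_unverified(token)
    now = time.time() if now is None else now
    problems = []
    tenant = str(claims.get(tenant_claim, ""))
    if tenant.lower() != expected_tenant.lower():
        problems.append(f"tenant mismatch: token has {tenant!r}, expected {expected_tenant!r}")
    if claims.get("azp") != expected_client_id:
        problems.append(f"azp mismatch: token has {claims.get('azp')!r}")
    if "exp" in claims and claims["exp"] <= now:
        problems.append("token expired")
    return problems

def make_sample(claims):
    # Builds a constructed, unsigned sample token; the signature is a dummy.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

TENANT_A = "11111111-1111-1111-1111-111111111111"   # constructed tenant id
TENANT_B = "22222222-2222-2222-2222-222222222222"   # constructed tenant id
SAMPLE = make_sample({"tenantid": TENANT_A, "azp": "example-client-id",
                      "scope": "core:*:* users:*:*", "exp": 2000000000})

if __name__ == "__main__":
    for problem in diagnose(SAMPLE, TENANT_B, "example-client-id"):
        print(problem)
```
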