Custom REST endpoints with clients other than admin-cli?

[steffenstolze]

Hey there :)

The custom endpoint creation worked like a charm! Only problem is that

private AuthResult checkAuth() {
AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();

only works when authenticating with client admin-cli (public or confidential doesn't matter, user is also totally irrelevant).

As long as I use the admin-cli client when generating the token I can use that token in my custom endpoint. Any other client and auth is always null.

I've tried everything from making the client confidential over giving the user the admin role or overwriting the aud claim.

Is it possible? I basically want to create an endpoint where the user can ask if he has specific permissions based on his access-token in this client.

[dasniko]

Basically it should work (and and has worked in history) with any client.
I don't know, if they have changed anything in the logic of BearerTokenAuthenticator().authenticate(), perhaps it's worth investigating the source code. 🤷‍♂️

[steffenstolze]

I realised that a custom mapper that I've created has overwritten the resource_access claim in the access token. But this is needed by AppAuthManager.BearerTokenAuthenticator(session).authenticate().

Now that I've used another claim in my custom mapper, the API endpoint is working with this client, too :)