Generic REST Collector fails OAuth 2.0 when the Client Secret is expected in the Request Body in RSA Identity Governance & Lifecycle

3 years ago

Originally Published: 2020-04-22

Article Number

000044940

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0

Issue

A test of a Generic REST Collector fails OAuth 2.0 when a Client Secret is expected to be part of the body of the request (Collectors > Collector Type > {Collector Name} > Test button).

A test in Postman is successful:

Cause

OAuth 2.0 supports sending the Client Secret in the authorization header or in the body of the request. If the application endpoint expects the Client Secret to be sent as part of the body of the request, the collector fails. An example of an endpoint that expects the Client Secret in the body of the request is Box Business.

This is a known issue reported in engineering ticket ACM-104883.

Resolution

This issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release.

Don't see what you're looking for?

Related Articles

Trending Articles