wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

JSP invocations of RecoveryApiV2 methods fail in v7.0.0 #20571

Open sanjulamadurapperuma opened 1 week ago

sanjulamadurapperuma commented 1 week ago

Describe the issue:

When testing flows that involve JSP pages that invoke methods from the RecoveryApiV2 class [1] within them (for example, password-recovery-with-claims-options.jsp in the accountrecoveryendpoint web app), the following error is displayed in the UI.

[image: screenshot of the error shown in the UI]

There are no errors present in the browser network trace or the wso2carbon.log file when this happens but the _httpaccess log file contains the following log at the time of the error.

POST /api/users/v2/recovery/password/init HTTP/1.1 403 194 "-" "Java/11.0.23" 0.001

This indicates that the V2 recovery REST API in WSO2 Identity Server was invoked with credentials that do not have the correct permissions.

Upon further investigation to identify the authorization header, it was observed that the internal communication was flowing through the app-name-configured user for the web app and that this user does not have the required permissions to invoke the above APIs. This needs to be fixed.

[1] - https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/client/api/RecoveryApiV2.java


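Since the access log is the only place the failure shows up, the following check is an added example (not part of the issue or of WSO2's code) that flags 403 responses on the v2 recovery API whose caller is the server's own Java HTTP client rather than a browser. The line shape follows the single line quoted in the report, and the sample log lines are constructed.

```python
"""Flag recovery-API 403s made by the server itself (the symptom in the issue).
Added example, not WSO2 code; line shape follows the quoted access-log line."""
import re
from dataclasses import dataclass

# Constructed sample: the quoted failure, a browser page load, a healthy internal
# call, and a second internal call that is also rejected.
SAMPLE_LOG = """\
POST /api/users/v2/recovery/password/init HTTP/1.1 403 194 "-" "Java/11.0.23" 0.001
GET /accountrecoveryendpoint/password-recovery-with-claims-options.jsp HTTP/1.1 200 5120 "-" "Mozilla/5.0" 0.012
POST /api/users/v2/recovery/password/init HTTP/1.1 200 310 "-" "Java/11.0.23" 0.004
POST /api/users/v2/recovery/password/recover HTTP/1.1 403 194 "-" "Java/11.0.23" 0.001
"""

# method path protocol status bytes "referer" "user-agent" elapsed
LINE_RE = re.compile(
    r'^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+ (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<elapsed>[\d.]+)$'
)
RECOVERY_V2_PREFIX = "/api/users/v2/recovery/"


@dataclass(frozen=True)
class InternalForbidden:
    method: str
    path: str
    agent: str


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal_caller(agent):
    # The JVM's default user agent means the request was issued by the server
    # (for example from a JSP page), not by the end user's browser.
    return agent.startswith("Java/")


def find_internal_forbidden(log_text):
    """Recovery-API requests rejected with 403 although made by the server's own
    service account, i.e. the web app user lacks a permission it needs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["status"] == "403" and rec["path"].startswith(RECOVERY_V2_PREFIX)
                and is_internal_caller(rec["agent"])):
            hits.append(InternalForbidden(rec["method"], rec["path"], rec["agent"]))
    return hits


if __name__ == "__main__":
    for hit in find_internal_forbidden(SAMPLE_LOG):
        print(f"{hit.agent} got 403 on {hit.method} {hit.path}: check the app user's permissions")
```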