
I am working on a Java client that links the UAA-API with my Java controller. I have been facing issues in implementing the password change functionality. Even with Postman I am unable to get the desired result.

Following is how I am making the request: My API Endpoint is:

https://2bcddc1b-01be-4d79-a2c4-ee583984f538.predix-uaa.run.aws-usw02-pr.ice.predix.io/Users/8f47875b-a1c8-47d4-bdde-79eb178eaed8/password

Following are the headers:

Content-Type: application/json
Authorization: Bearer <user-access-token-generated after login>
Pragma: no-cache

Every time I make a request it gives the following response:

{
    "error": "access_denied",
    "error_description": "Invalid token does not contain resource id (password)"
}

This is the API:

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#change-password-put-users-id-password
venergiac
  • What is in the body of your request? Have you tried a ``uaac token decode`` on the user access token? Does the user have the proper scope to change the client password? – j12y May 14 '16 at 22:51
  • Yes. The client logged in has the scim.write as well as the scim.read authority as well as scope so I don't think permission is an issue here. P.S.: The only reason I am creating the Java Controller is to avoid the use of UAA Client. – Avneesh Srivastava May 15 '16 at 06:55

1 Answer


The endpoint requires password.write scope.

An access token contains scopes. In order for the access token to contain the password.write scope, both the client and the user have to have the password.write scope.

password.write is a default user scope - all users have it.

In your case, the client that received the token does NOT have password.write, so your access token will not have it either.
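The scope rule from the answer, as an added diagnostic example that is not part of the original post or of UAA's own code: it computes which scopes a user token can carry and inspects a token's payload for password.write before the password endpoint is called. Assumptions: the token is a JWT whose `scope` claim is a list (or space-separated string) of scope names, and the scope lists and tokens below are constructed samples.

```python
import base64
import json

REQUIRED_SCOPE = "password.write"  # scope the answer says the endpoint requires


def granted_scopes(client_scopes, user_scopes):
    """Scopes a user token can carry: only those held by BOTH client and user."""
    return sorted(set(client_scopes) & set(user_scopes))


def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_allows_password_change(token):
    """True if the token's scope claim contains password.write."""
    scopes = decode_claims(token).get("scope", [])
    if isinstance(scopes, str):  # assumption: tolerate space-separated form
        scopes = scopes.split()
    return REQUIRED_SCOPE in scopes


def make_sample_token(scopes):
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"scope": scopes}), "placeholder"])


# Constructed sample data mirroring the question: the client has scim.* only.
USER_SCOPES = ["openid", "password.write", "scim.read", "scim.write"]
CLIENT_BEFORE = ["openid", "scim.read", "scim.write"]
CLIENT_AFTER = CLIENT_BEFORE + ["password.write"]

if __name__ == "__main__":
    for label, client in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        token = make_sample_token(granted_scopes(client, USER_SCOPES))
        print(label, decode_claims(token)["scope"], token_allows_password_change(token))
```

Run against a real token, `decode_claims` is only a local inspection aid; the server still validates the signature and scopes itself.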