WSO2 - Request Permission by role not working

Asked Jan 27 '21 at 13:10

Active Jan 27 '21 at 13:19

Viewed 234 times

I have configured two users in my WSO2 Identity Server, each one with some roles, to give permission to access an API (MS-Authorization-API) in WSO2 API Manager.

Camila - Internal/everyone and Application/admin-AT-wso2.com_MS-Authorization-Application_PRODUCTION
Joao - Internal/everyone

The users in the role Application/admin-AT-wso2.com_MS-Authorization-Application_PRODUCTION:

The problem is, when I make a request, using the token generated by Joao user, WSO2 API Manager is giving access to him to consume the API

How can I protect my API from some users to not get access to the it?

PS: MS-Authorization-API is accessible and visible in API Store only to admin role.
versions: wso2am-2.6.0 / wso2is-5.8.0

edited Jun 13 '22 at 20:34

Community

asked Jan 27 '21 at 13:10

Aldo Inácio da Silva

From which application the user Joao generates the token? – menaka_ Jan 27 '21 at 15:20
I used WSO2 IS to generate the first access token, then I used the WSO2 AM to generate the second access token and then I used this access token to call my API resource. – Aldo Inácio da Silva Jan 27 '21 at 17:27

WSO2 - Request Permission by role not working

0 Answers0