Getting forbidden error while getting the access token

Hi All,
I am trying to obtain an access_token to retrieve user data from the SailPoint IdentityNow platform. Following the steps in the documentation, I attempted to get the access_token but encountered a 403 error with an HTML response.

Here is the response I’m getting:

I have ORG_ADMIN privileges for my user.

I have reviewed all the points mentioned in the troubleshooting guide, but the issue persists.

Here is the cURL command used for the request to SailPoint:

curl --location 'https://{tenant}.api.{domain}.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={clientId}' \
--data-urlencode 'client_secret={clientSecret}'

Can someone help me resolve this issue?

Hello,

I do not think you have used the right category for this thread.
Also, why do you have a domain variable there?
It should be just: https://{tenant}.api.identitynow.com/oauth/token

Make sure your variables are properly filled in so you are connecting to the right place.

Make sure your OAuth Token in IDN has “Client Credentials” checked.

Hi @lukas_ceremeta,

Thanks for the quick response.

I have the domain variable because my instance domain is not identitynow, but identitynow-demo. That’s why I kept it as a variable.

I’ve verified that all the variables are valid and they reference the correct place. The “Client Credentials” option is checked, and the scopes sp:scopes:default and sp:scopes:all are also added.

Any further suggestions or insights would be greatly appreciated.

Here is how I get my token using Python, PowerShell, and Postman. Hope it helps.

Python Example:

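import requests

def getBearerToken(clientId, clientSecret, baseUrl):
    # POST the client_credentials grant to the token endpoint; returns the requests.Response object
    token = requests.post(baseUrl + "/oauth/token?grant_type=client_credentials&client_id=" + clientId + "&client_secret=" + clientSecret)
    return token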

Postman Example:

In Postman directly, this is how I have it set up to grab a token:

PowerShell Example:

$AuthEndpointSandbox = "/oauth/token"
$BodySandbox = @{
    client_id=$([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("$($JsonConfigData.SB_Client_ID)")));
    client_secret=$([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("$($JsonConfigData.SB_Client_Secert)")));
    grant_type="client_credentials"
}
$TokenResponseSandbox = (Invoke-WebRequest -Uri "$($JsonConfigData.SB_Sailpoint_Api_Url)$($AuthEndpointSandbox)" -Body $BodySandbox -Method POST).Content | ConvertFrom-Json
1 Like

Thanks, Mark.

I got the token. The root cause was the corporate network blocking the traffic, which is why I was getting the 403 access denied error despite everything being valid.

1 Like
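
The thread's root cause was a 403 with an HTML body produced by the network rather than by the token endpoint. As an added example (not code from any poster or from SailPoint), the Python below sends the client-credentials grant in the form body and classifies the reply so that case stands out from a genuine OAuth error. Assumptions: the endpoint answers in JSON as RFC 6749 describes; the function names, result labels and sample replies are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample replies (not captured from any real tenant or proxy).
SAMPLE_PROXY_403 = (403, "text/html", "<html><body>Access Denied</body></html>")
SAMPLE_OAUTH_401 = (401, "application/json", '{"error": "invalid_client"}')
SAMPLE_OK = (200, "application/json", '{"access_token": "constructed", "token_type": "bearer"}')


def classify_token_response(status, content_type, body):
    """Guess who produced a reply to a token request.

    Assumption: the token endpoint answers in JSON as RFC 6749 describes
    (access_token on success, an "error" member on failure).
    """
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if status == 200 and "access_token" in doc:
            return "token"
        if "error" in doc:
            return "oauth_error:" + str(doc["error"])
        return "unexpected_json"
    looks_html = body.lstrip().lower().startswith(("<!doctype", "<html"))
    if looks_html or "html" in (content_type or "").lower():
        return "html_intermediary_suspected"
    return "unknown"


def fetch_token(token_url, client_id, client_secret, timeout=10):
    """POST the grant in the form body (not the URL) and classify the reply."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(token_url, data=form, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, ctype, raw = resp.status, resp.headers.get("Content-Type"), resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a body
        status, ctype, raw = err.code, err.headers.get("Content-Type"), err.read()
    return classify_token_response(status, ctype, raw.decode("utf-8", "replace")), status
```

A result of `html_intermediary_suspected` is a cue to repeat the request from a different network path before rotating credentials or changing scopes.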
