Web Services SaaS Connector – Custom Authentication with JSON Body Fails (Bearer Token)

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi Team,

I’m configuring a Web Services SaaS Connector to integrate with MobileExpense (MXP). The target application uses a custom token endpoint that accepts a JSON body and returns a Bearer token. I’ve configured Custom Authentication but both Test Connection and Account Aggregation fail with a generic error.

Target Application Auth Endpoint

  • URL: POST https://auth.mobilexpense.com/Authentication/GetJsonToken
  • Content-Type: application/json
  • Request Body:
{
  "uniqueId": "Base64EncodedString==",
  "key": "secret_key_value",
  "authorizeSameIpOnly": false
}
  • Response (200 OK):
{
  "access_token": "eyJhbGciOiJodHRwOi8vd3d3Lnczb...",
  "token_type": "Bearer",
  "expires_in": 86399
}

This works perfectly in Postman — I get a valid token and can use it to call all MXP API endpoints successfully.

My Configuration

Connection Settings

  • Authentication Type: Custom Authentication
  • Base URL: https://api-mxp.mobilexpense.com
  • All other fields (Username, Password, API Token, etc.) left blank

Custom Authentication HTTP Operation

General Information:

  • Operation Name: Custom Authentication
  • Operation Type: Custom Authentication
  • CustomAuthenticationURL: https://auth.mobilexpense.com/Authentication/GetJsonToken
  • HTTP Method: POST

Header:

Key Value
Content-Type application/json

Body (Raw):

{
  "uniqueId": "MjEtMTUxNC0yRk...MTUxNA==",
  "key": "my_secret_key",
  "authorizeSameIpOnly": false
}

Response Mapping:

Schema Attribute Attribute Path
accesstoken access_token

Note: After saving the configuration, I can see the token value automatically populated in the Attribute Path field of the Response Mapping, which suggests the Custom Authentication call itself is succeeding and the token is being retrieved.

Test Connection Operation

General Information:

  • Operation Name: Test Connection
  • Operation Type: Test Connection
  • Context URL: /Synchro/User/Entity/1514/noe.sandbox.ECFILDMI (confirmed working in Postman)
  • HTTP Method: GET

Header:

Key Value
Authorization Bearer $application.accesstoken$

Error

Both Test Connection and Account Aggregation fail with the same generic error:

[ConnectorError] Error (requestId: b58739e951a04d169c386685d1f02ca8)

No HTTP status code, no detailed message — just [ConnectorError] Error.

What I’ve Already Tried

  1. Verified credentials work in Postman — auth endpoint returns 200 with valid token, and all MXP API endpoints work with that token.
  2. Tried different Response Attribute names — both access_token (with underscore) and accesstoken (without underscore) as the Schema Attribute in the Custom Auth response mapping.
  3. Removed quotes from Authorization header value — ensured it’s Bearer $application.accesstoken$ without surrounding quotes.
  4. Tried with API Token auth type previously — worked fine with a hardcoded token, confirming the MXP API endpoints and response mappings are correct.

Questions

  1. Has anyone successfully used Custom Authentication with a JSON body on the Web Services SaaS connector (not the VA-based one)?
  2. Is there a known limitation with Custom Authentication on WSC SaaS that would cause this behavior? I found this community post that guided me in the configuration, but it didn’t work out

Any guidance would be greatly appreciated. Thank you!

2

On your custom authentication endpoint, how is Response Information setup?

3

have you tried this ?Custom Authentication

4

Literally in the OP’s title and stated in his “Custom Authentication HTTP Operation” section.

5

Hi @Blazelip Do you know whether the connector is actually resolving the $application.accesstoken$ variable? I ask coz I’ve got an outstanding issue where these type of variables are not getting resolved on the SaaS Web Services Connector. As a test, maybe add it to the actual context URL and see in the logs whether it is getting resolved?

6

Here how it looks like

image
image2802×816 69.4 KB

7

Hello Jeremy,
Actually I’m not aware of this, I need to check this hypothesis

8

From the documentation:

Be sure to use a custom name for the Response Attribute Key other than the default name. For example, instead of using accesstoken you can define it as customaccesstoken.

  • The accesstoken entry can’t be used in response mapping for custom authentication. You must use a different, unique entry to save the response.

So change your Response Mapping, have the Schema Attribute be something else. Ex. custom_accesstoken

Then use $application.custom_accesstoken$ in your other endpoints.

11

@Carlatto
This hint would be valid for the non SaaS connector
It’s mentioned in its documentation

Since I’m configuring SaaS connector and its documentation there is no such message about having the custom_accesstoken.

But still I was too desperate yesterday, that’s why I’ve tried out this trick already, didn’t workout.

12

I would try out Jeremy’s recommendation. If it isn’t showing in the logs, then I would recommend opening a support ticket.

13

Just in case if someone reads this thread and has the same issue.
I figured this out, 2 important points:

  • customaccesstoken demand as well necessary as in the non SaaS connector.
  • The formatted JSON Request Payload you see above occurred my error.
    After I’ve trimmed it, it worked out.

So the payload should look like this
{"uniqueId": "MjEtMTUxNC0yRk...MTUxNA==","key": "my_secret_key","authorizeSameIpOnly": false}