The authentication token is incorrect if not revoked
Two REST Connect rules are configured, each referencing its own Authentication Profile. Both Authentication Profiles use the credentials-based OAuth 2.0 grant type and point to different Access Token Endpoints, but both are configured with the same Client ID. When the two REST connectors are invoked one after the other from an activity, the second call fails with an invalid access token error.
Response 401 Unauthorized:
Content-Type: application/json; charset=utf-8
WWW-Authenticate: Bearer realm="service" error="invalid_token" error_description="The access token is invalid or has expired"
com.pega.pegarules.pub.services.InboundMappingException: Exception occurred while mapping incoming response to .response_GET
Steps to Reproduce
- Create two REST Connect rules and reference a different OAuth 2.0 Authentication Profile from each of them. Both Authentication Profiles use the credentials-based OAuth 2.0 grant type and have different Access Token Endpoints.
- Use the same Client ID for authentication in both Authentication Profiles.
- Call the two REST connectors sequentially from an activity. The second call returns 401 Unauthorized with error="invalid_token".
Pega stores and retrieves access tokens through the pr_data_token table. By design, the record for an access token is keyed on client_id + grant_type + operatorName + scope; the Access Token Endpoint is not part of the key.
Because both Authentication Profiles use the same Client ID and the same Grant Type (and, for the same operator and scope, therefore the same key), only a single token record is written. On the second REST call the lookup finds that record, so the token obtained from the first Access Token Endpoint is reused even though the second profile is associated with a different Access Token Endpoint.
The second service rejects that token as invalid, because it expects a token obtained from its own Access Token Endpoint, distinct from the first.
Local change: because the two Authentication Profiles use different Access Token Endpoints, configure a different Client ID in each profile so that each one gets its own record in pr_data_token.
Each Client ID must be one that is registered with the authorization server behind that profile's Access Token Endpoint; two arbitrary values only help if each is accepted by its own endpoint.
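The root cause and the local change above, as an added example that is not Pega's code: a small Python model of the token cache whose key is (client_id, grant_type, operatorName, scope) exactly as described, with the Access Token Endpoint deliberately left out of the key. The two endpoints, the client IDs, the operator name, the client_credentials grant type and the empty scope are all hypothetical values chosen for the example; each modelled endpoint mints its own bearer tokens and accepts only those. Running the activity with a shared Client ID reproduces the 401 on the second call, and running it with a distinct Client ID per profile shows the fix.

```python
# Added example, not Pega's code: a minimal model of the pr_data_token lookup described above.
# Assumptions (not from the page): two hypothetical token endpoints that each mint random
# bearer tokens and accept only their own; grant type client_credentials; one operator;
# empty scope. The cache key is (client_id, grant_type, operatorName, scope), the key the
# page describes, so the Access Token Endpoint URL is deliberately NOT part of it.
import secrets
from dataclasses import dataclass, field


@dataclass
class OAuthService:
    """Hypothetical authorization server plus the API it protects, behind one token endpoint."""
    token_endpoint: str
    issued: set = field(default_factory=set)

    def issue_token(self, client_id: str, grant_type: str, scope: str) -> str:
        # A real server would validate client_id/secret here; the model just mints a token.
        token = secrets.token_urlsafe(16)
        self.issued.add(token)
        return token

    def call_api(self, bearer: str) -> int:
        # 200 for a token this endpoint minted, otherwise 401 invalid_token (as in the trace above).
        return 200 if bearer in self.issued else 401


@dataclass(frozen=True)
class AuthProfile:
    """The fields of an Authentication Profile that matter for the cache key and the token fetch."""
    client_id: str
    token_endpoint: str
    grant_type: str = "client_credentials"
    scope: str = ""


class TokenCache:
    """Models the pr_data_token lookup: one record per (client_id, grant_type, operatorName, scope)."""

    def __init__(self) -> None:
        self.records: dict[tuple, str] = {}

    @staticmethod
    def key(profile: AuthProfile, operator: str) -> tuple:
        # The endpoint is absent from the key: two profiles with the same client_id collide.
        return (profile.client_id, profile.grant_type, operator, profile.scope)

    def get_or_fetch(self, profile: AuthProfile, operator: str, services: dict) -> str:
        k = self.key(profile, operator)
        if k not in self.records:  # cache miss: fetch from THIS profile's token endpoint
            svc = services[profile.token_endpoint]
            self.records[k] = svc.issue_token(profile.client_id, profile.grant_type, profile.scope)
        return self.records[k]  # cache hit: reused regardless of which endpoint minted it


def run_activity(profile_a: AuthProfile, profile_b: AuthProfile, operator: str = "svc_operator"):
    """Calls connector A then connector B; returns the HTTP statuses and the number of cached records."""
    services = {ep: OAuthService(ep) for ep in {profile_a.token_endpoint, profile_b.token_endpoint}}
    cache = TokenCache()
    statuses = []
    for profile in (profile_a, profile_b):
        token = cache.get_or_fetch(profile, operator, services)
        statuses.append(services[profile.token_endpoint].call_api(token))
    return statuses, len(cache.records)


ENDPOINT_A = "https://idp-a.example.com/oauth2/token"  # hypothetical
ENDPOINT_B = "https://idp-b.example.com/oauth2/token"  # hypothetical


def reproduce_collision():
    """Same Client ID in both profiles: the second call reuses A's token against B -> 401."""
    return run_activity(AuthProfile("shared-client", ENDPOINT_A),
                        AuthProfile("shared-client", ENDPOINT_B))


def apply_local_change():
    """Distinct Client IDs: two cache records, each endpoint receives its own token -> 200, 200."""
    return run_activity(AuthProfile("client-for-a", ENDPOINT_A),
                        AuthProfile("client-for-b", ENDPOINT_B))


if __name__ == "__main__":
    print("same client_id    :", reproduce_collision())  # ([200, 401], 1)
    print("distinct client_id:", apply_local_change())   # ([200, 200], 2)
```

The model makes the failure mechanical: TokenCache.key returns the same tuple for both profiles whenever client_id, grant_type, operator and scope match, so the second profile never reaches its own Access Token Endpoint. Giving each profile its own Client ID changes the key, which is why the local change works without any change to the endpoints themselves.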