Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[APIM 4.3.0] Constraint Violation Error in Authorization Code Grant Flow when Scope Whitelisting Enabled #3528

Open
AselaPathirage opened this issue Jan 17, 2025 · 0 comments
Open

[APIM 4.3.0] Constraint Violation Error in Authorization Code Grant Flow when Scope Whitelisting Enabled #3528

AselaPathirage opened this issue Jan 17, 2025 · 0 comments
Labels
Type/Bug

Comments

@AselaPathirage
Copy link
Member

Description

Encounters the following error when requesting a token using the authorization code grant type while scope whitelisting enabled. Constraint is violated in IDN_OAUTH2_ACCESS_TOKEN_SCOPE table

ERROR {org.wso2.carbon.identity.oauth2.OAuth2Service} - Error occurred while issuing the access token for Client ID : ************, User ID null, Scope : [] and Grant Type : authorization_code org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error occurred while storing new access token
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler.storeAccessToken(AuthorizationCodeGrantHandler.java:229)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler.persistAccessTokenInDB(AbstractAuthorizationGrantHandler.java:529)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler.generateNewAccessToken(AbstractAuthorizationGrantHandler.java:420)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler.issue(AbstractAuthorizationGrantHandler.java:184)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler.issue(AuthorizationCodeGrantHandler.java:98)
	at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:399)
	at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:412)
	at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:365)
	at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:157)
	at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:136)
. 
.
.
Caused by: org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error when storing the access token for consumer key : *************
	at org.wso2.carbon.identity.oauth2.dao.AccessTokenDAOImpl.insertAccessToken(AccessTokenDAOImpl.java:321)
	at org.wso2.carbon.identity.oauth2.dao.AccessTokenDAOImpl.insertAccessToken(AccessTokenDAOImpl.java:107)
	at org.wso2.carbon.identity.oauth2.dao.AccessTokenDAOImpl.insertAccessToken(AccessTokenDAOImpl.java:385)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler.storeAccessToken(AuthorizationCodeGrantHandler.java:226)
	... 72 more
Caused by: java.sql.BatchUpdateException: ORA-00001: unique constraint (WSO2AM_DB.SYS_C0013497) violated

https://docs.oracle.com/error-help/db/ora-00001/
	at oracle.jdbc.driver.OraclePreparedStatement.generateBatchUpdateException(OraclePreparedStatement.java:11409)
	at oracle.jdbc.driver.OraclePreparedStatement.executeBatchWithoutQueue(OraclePreparedStatement.java:10735)
	at oracle.jdbc.driver.OraclePreparedStatement.executeLargeBatch(OraclePreparedStatement.java:10439)
	at oracle.jdbc.driver.OracleStatement.executeBatch(OracleStatement.java:5660)
	at oracle.jdbc.driver.OracleStatementWrapper.executeBatch(OracleStatementWrapper.java:292)
	at jdk.internal.reflect.GeneratedMethodAccessor251.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:118)
	at com.sun.proxy.$Proxy55.executeBatch(Unknown Source)
	at org.wso2.carbon.identity.oauth2.dao.AccessTokenDAOImpl.insertAccessToken(AccessTokenDAOImpl.java:265)
	... 75 more

Steps to Reproduce

  1. Setup APIM 4.3 with IS 6.1 as the key manager.
  2. Add the following configuration to the APIM’s deployment.toml file and start the servers. (APIM :9443 and IS :9444)
[oauth]
prompt_consent = false
allowed_scopes = ["^device_.*"]
  1. Create an application with code grant type and generate keys.
  2. Invoke the /oauth2/authorize with the device and openid scope.
  3. Invoke the token endpoint with the received code from the above step.

Version

4.3.0

Environment Details (with versions)

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type/Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AselaPathirage