Avamar : Creating OAuth2 Client from Swagger UI Fails with Unauthorized Error
Summary: Failed to create OAuth2 user from Swagger UI in Avamar version 19.7, resulting in unauthorized error.
Symptoms
The customer is experiencing an issue with creating an OAuth2 user from the Swagger UI.
- The customer is unable to create an OAuth2 user from the Swagger UI, resulting in a failed attempt.
- The customer is looking for a solution to create an OAuth2 user from the Swagger UI without using the command line.
curl -k \
  -H "Content-Type:application/json" \
  -H 'authorization:Basic cm9vdDpOQUxBLVN1cHAwcnQtMDAw' \
  -X POST \
  -d '{"accessTokenValiditySeconds": 1800, "authorizedGrantTypes": ["password"], "autoApproveScopes": ["all"], "clientId": "felixtest", "clientName": "felixtest", "clientSecret": "changeme", "redirectUris": ["https://my-app-server/callback"], "refreshTokenValiditySeconds": 43200, "scopes": ["read", "write"]}' \
  https://10.241.170.119/api/v1/oauth2/clients
The customer has provided the following steps to reproduce the issue:
- Login to the Swagger UI using the MCUser.
- Use other functions in the Swagger UI, such as listing activities and clients, with a token.
- Attempt to create a new OAuth2 client using the Swagger UI.
- Observe that the creation of the OAuth2 client fails.
Cause
The root cause of the issue is related to the authentication process when creating an OAuth2 client using Swagger UI.
- The issue is not related to any environmental changes or system configurations, but rather a misunderstanding of the authentication process.
- The root cause of the issue is the incorrect assumption that the OAuth2 client can be created using Swagger UI without proper authentication.
Resolution
The resolution to the issue of failed OAuth2 user creation from Swagger UI involves understanding the correct authentication process and the minimum privileges required to create an OAuth2 client.
- First, ensure that the user attempting to create the OAuth2 client has the correct authentication credentials. The admin guide mentions using admin credentials, specifically the MCUser account.
- When creating an OAuth2 client from Swagger UI, execute the POST call without first authorizing the Swagger UI. When the POST call is executed, provide the credentials and sign in.
- To execute other API calls under the oauth2-client controller, first authorize the Swagger UI with proper credentials and then trigger the calls.
- Test with different roles to confirm that only the admin role can create an OAuth2 client. This is mentioned in the admin guide.
- Use the following steps to create an OAuth2 client from Swagger UI:
  - Open Swagger UI and navigate to the oauth2-client controller.
  - Click on the "Create OAuth2 Client" button.
  - Enter the required details, such as client name, client ID, client secret, and redirect URIs.
  - Click on the "Execute" button to create the OAuth2 client.
  - Verify that the OAuth2 client has been created successfully by checking the Swagger UI response.
- If the issue persists, check the rest API logs for any errors or issues.
- Consult the Avamar documentation and the admin guide for further information on creating OAuth2 clients and the minimum privileges required.
Caution: If you are unsure about any of the steps or have concerns, contact Dell Support for assistance.
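The following is an added example, not code from Dell or the Avamar documentation. It rebuilds the curl request shown under Symptoms so that the admin credentials travel as HTTP Basic on the POST itself, certificate verification stays on, and the client secret is generated rather than set to "changeme". The environment variable names and the helper names are assumptions.

```python
import base64, json, os, secrets, ssl
import urllib.error, urllib.request

def basic_auth(user, password):
    """HTTP Basic value: base64("user:password"). This is encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

def build_create_client_request(host, user, password, client_id, redirect_uri):
    """Build the POST from the article; returns (request, generated client secret)."""
    secret = secrets.token_urlsafe(32)  # random value instead of a placeholder secret
    payload = {
        "accessTokenValiditySeconds": 1800,
        "authorizedGrantTypes": ["password"],
        "autoApproveScopes": ["all"],
        "clientId": client_id,
        "clientName": client_id,
        "clientSecret": secret,
        "redirectUris": [redirect_uri],
        "refreshTokenValiditySeconds": 43200,
        "scopes": ["read", "write"],
    }
    req = urllib.request.Request(
        f"https://{host}/api/v1/oauth2/clients",
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 # Admin credentials accompany this call directly (Basic),
                 # matching the Authorization header used in the article's curl.
                 "Authorization": basic_auth(user, password)},
    )
    return req, secret

def send(req, ca_file=None):
    """Send with TLS verification enabled; return (status, body) even on 401."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

if __name__ == "__main__":
    # AVAMAR_HOST, AVAMAR_ADMIN_USER, AVAMAR_ADMIN_PASS, AVAMAR_CA are assumed names.
    req, secret = build_create_client_request(
        os.environ["AVAMAR_HOST"], os.environ["AVAMAR_ADMIN_USER"],
        os.environ["AVAMAR_ADMIN_PASS"], "example-client",
        "https://my-app-server/callback")
    print(send(req, os.environ.get("AVAMAR_CA"))[0])
```

The generated secret is returned to the caller so it can be placed in a secret store; it is never printed.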
Additional Information
For more information, see Jira: https://jira.cec.lab.emc.com/browse/AVAMARESC-2460.