Hi team,
I am unable to create a client in eSignet. Below are the steps I am following.
I am able to get the access key from Keycloak:

```shell
# Client-credentials grant against the mosip realm (the leading "curl" line was
# missing from the pasted snippet and has been restored so it runs as pasted)
curl --request POST \
  --url http://<keycloak host>/auth/realms/mosip/protocol/openid-connect/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data client_secret=<pms client secret> \
  --data client_id=mosip-pms-client \
  --data grant_type=client_credentials
```
And I am getting the CSRF token from the /v1/esignet/csrf/token endpoint. I am calling the /v1/esignet/client-mgmt/oidc-client API using the access_token which I got from the first curl and the CSRF token from the second API. I am getting 401.
Hello @Vijay_S,

Can you confirm if the auth token is passed in the /v1/esignet/client-mgmt/oidc-client request header? The client management endpoint requires Bearer Token authorization. As per the default configuration, the "add_oidc_client" scope is expected to be an allowed scope in the auth token.
```properties
## Transaction halted with prepare-signup-redirect wait time to resume back with complete-signup-redirect API
mosip.esignet.signup.halt.expire-seconds=1800

## ------------------------------------------ e-Signet binding ---------------------------------------------------------
mosip.esignet.binding.salt-length=16
mosip.esignet.binding.audience-id=esignet-binding
mosip.esignet.binding.key-expire-days=10

## -------------------------------------- Authentication & Authorization -----------------------------------------------
mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \
  '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\
  '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \
  '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}}
mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} }
mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} }
mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\
  ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\
  ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\
  ${server.servlet.path}/linked-authorization/link-transaction,${server.servlet.path}/linked-authorization/authenticate,\
```
Regards,
MOSIP team
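To make the scope check in the reply concrete, here is a small added example (not MOSIP or eSignet code) that models how the `mosip.esignet.security.auth.*-urls` properties above map a request method and path to a required `SCOPE_*` authority, and that decodes the `scope` claim of a Keycloak access token so you can see what the server will compare against. The servlet path `/v1/esignet`, the assumption that any one scope listed for a pattern suffices, and all tokens and paths are constructed for this illustration; the decoder deliberately does not verify the signature, since the point is to inspect claims, not to replace the server's validation.

```python
"""Added example: model of eSignet's scope-to-URL authorization rules and a
JWT 'scope' claim inspector. Not project code; values are constructed."""
import base64
import json

# Mirrors the quoted property values; "/v1/esignet" is assumed to be the
# ${server.servlet.path} value (it is the prefix used in the thread's URLs).
SERVLET_PATH = "/v1/esignet"
AUTH_URLS = {
    "POST": {
        f"{SERVLET_PATH}/client-mgmt/**": {"SCOPE_add_oidc_client"},
        f"{SERVLET_PATH}/system-info/**": {"SCOPE_upload_certificate"},
        f"{SERVLET_PATH}/binding/wallet-binding": {"SCOPE_wallet_binding"},
        f"{SERVLET_PATH}/binding/binding-otp": {"SCOPE_send_binding_otp"},
    },
    "PUT": {f"{SERVLET_PATH}/client-mgmt/**": {"SCOPE_update_oidc_client"}},
    "GET": {f"{SERVLET_PATH}/system-info/**": {"SCOPE_get_certificate"}},
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def token_scopes(jwt: str) -> set:
    """Return the space-separated 'scope' claim of a compact JWT as a set.
    The signature is NOT checked here (diagnosis only); the server still
    validates it against Keycloak's published keys."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(claims.get("scope", "").split())


def _pattern_matches(pattern: str, path: str) -> bool:
    # Ant-style '/**' matches the prefix itself or any deeper path under it;
    # a pattern without a wildcard must match the whole path.
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def required_scopes(method: str, path: str):
    """SCOPE_* authorities the rules demand for this request, or None when
    no rule applies to the method/path."""
    for pattern, scopes in AUTH_URLS.get(method.upper(), {}).items():
        if _pattern_matches(pattern, path):
            return scopes
    return None


def authorize(method: str, path: str, jwt: str) -> dict:
    """Explain whether the bearer token would satisfy the scope rule.
    Assumption: holding any one of the listed scopes is enough (every rule
    in the quoted config lists exactly one scope, so this is not stretched)."""
    needed = required_scopes(method, path)
    if needed is None:
        return {"allowed": True, "reason": "no scope rule for this URL"}
    have = {f"SCOPE_{s}" for s in token_scopes(jwt)}
    if needed & have:
        return {"allowed": True, "reason": "ok"}
    return {"allowed": False, "reason": f"token lacks {sorted(needed)}"}


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned token for the demo only (alg=none, empty sig)."""
    return f"{_b64url_encode({'alg': 'none'})}.{_b64url_encode(claims)}."


if __name__ == "__main__":
    good = make_unsigned_jwt({"scope": "profile email get_certificate add_oidc_client"})
    bad = make_unsigned_jwt({"scope": "profile email"})
    print(authorize("POST", "/v1/esignet/client-mgmt/oidc-client", good))
    print(authorize("POST", "/v1/esignet/client-mgmt/oidc-client", bad))
```

Paste the real `access_token` string into `token_scopes()` to see exactly which `SCOPE_` authorities the server will derive from it; `authorize()` then shows which rule the client-management call hits and what it needs. If the scope is present and the call still fails, the problem lies elsewhere in token validation (issuer, audience, signature keys) rather than in the scope mapping.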
Anusha_sunkadh:
> add_oidc_client

Yes, I am sending the access token and the token has the add_oidc_client scope:

```json
"scope": "profile email get_certificate add_oidc_client update_oidc_client upload_certificate",
```