Layer7 API Management

  • Private Community
 View Only

  • 1.  MAS SDK - Problem with client credentials on ios

    Posted Dec 20, 2018 02:35 PM

    We are trying to implement an app on ios that uses client credentials flow. We are using the same client and msso.config on ios and android, it works on android but we are getting the following error o ios:

     

    Error:

    Error Domain=com.ca.MASFoundation.targetAPI:ErrorDomain Code=120007 "Attempted to register the device with a Scope that isn't registered in the application record on the Gateway" UserInfo={NSLocalizedDescription=Attempted to register the device with a Scope that isn't registered in the application record on the Gateway, status-code=0}

    }

     

    Source code:

    MAS.setGrantFlow(.clientCredentials)
    MAS.getFrom("/healthprobe/", withParameters: nil, andHeaders: nil, request: .json, responseType: .json, isPublic: false) { (data, error) in

     

     

     

    StackTrace:

    - 0 : "0 ??? 0x000000012baf5999 0x0 + 5027879321"
    - 1 : "1 BBM 0x0000000107a49c20 main + 0"
    - 2 : "2 BBM 0x0000000107a09e31 $SSDySSypGSgs5Error_pSgIeggg_So12NSDictionaryCSgSo7NSErrorCSgIeyByy_TR + 289"
    - 3 : "3 MASFoundation 0x00000001082c4dcb __49+[MAS parseToEjectURLResponseForCompletionBlock:]_block_invoke + 299"
    - 4 : "4 MASFoundation 0x00000001082c501b __45+[MAS parseTargetAPIErrorForCompletionBlock:]_block_invoke + 219"
    - 5 : "5 MASFoundation 0x00000001083315d6 __147-[MASNetworkingService sessionDataTaskCompletionBlockWithEndPoint:parameters:headers:httpMethod:requestType:responseType:isPublic:completionBlock:]_block_invoke + 8470"
    - 6 : "6 MASFoundation 0x00000001083b157f __67-[MASURLSessionManager dataOperationWithRequest:completionHandler:]_block_invoke + 255"
    - 7 : "7 MASFoundation 0x000000010837efa7 __36-[MASSessionDataTaskOperation start]_block_invoke + 135"
    - 8 : "8 libdispatch.dylib 0x000000010beb5595 _dispatch_call_block_and_release + 12"
    - 9 : "9 libdispatch.dylib 0x000000010beb6602 _dispatch_client_callout + 8"
    - 10 : "10 libdispatch.dylib 0x000000010bec365b _dispatch_main_queue_callback_4CF + 710"
    - 11 : "11 CoreFoundation 0x00000001098513e9 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9"
    - 12 : "12 CoreFoundation 0x000000010984ba76 __CFRunLoopRun + 2342"
    - 13 : "13 CoreFoundation 0x000000010984ae11 CFRunLoopRunSpecific + 625"
    - 14 : "14 GraphicsServices 0x000000010f7021dd GSEventRunModal + 62"
    - 15 : "15 UIKitCore 0x000000011320c81d UIApplicationMain + 140"
    - 16 : "16 BBM 0x0000000107a49c64 main + 68"
    - 17 : "17 libdyld.dylib 0x000000010bf2c575 start + 1"
    - 18 : "18 ??? 0x0000000000000001 0x0 + 1"

     

    msso.config:

    Oauth/manager configuration:

     

    Any ideas?



  • 2.  Re: MAS SDK - Problem with client credentials on ios

    Broadcom Employee
    Posted Dec 21, 2018 06:38 PM

    Good afternoon,

     

    We saw a similar issue with another customer and the resolution was that 2 client keys were required for 2 platforms and for IOS the keychain needed to be properly configured.

     

    Mark_HE can you provide any additional guidance.

     

    Sincerely,


    Stephen Hughes
    Broadcom Support



  • 3.  Re: MAS SDK - Problem with client credentials on ios

    Posted Dec 26, 2018 11:23 AM

    If you find this useful, debugging the gateway policy we concluded that the error occurs on the client side after the 'connect/client/initialize' request.

    But no clue on how to resolve the problem.



  • 4.  Re: MAS SDK - Problem with client credentials on ios

    Posted Dec 26, 2018 02:34 PM

    Taking a look at the documentation available on: http://mas.ca.com/docs/ios/1.9.00/guides/#update-scopes-for-the-client-app we find the following instructions:
    "
    When new scopes are added to the API, a new master client key must also be generated on the MAG.

    To update scopes for a client app, follow these steps:

    Get the updated msso_config.json file with the new scope from your Admin.
    Change the mobile client app to call [MAS startWithDefaultConfiguration] instead of [MAS start]
    "


    Changing the MAS.start() to MAS.start(withDefaultConfiguration: true) resolved the problem, but we are not sure what this parameter truely means and why unistalling the app wasn't enough.
    Could you help us with these questions?



  • 5.  Re: MAS SDK - Problem with client credentials on ios

    Posted Dec 27, 2018 01:08 PM

    Hi!

    The field 'Callback URL' should have a URL, not a list of SCOPE values.

    Whenever the configuration is changed, it has to be exported out of OAuth Manager and imported into the SDK.

    Other than that, the SDK should take care of switching from client_credentials flow to password as soon as a user has to be involved.



  • 6.  Re: MAS SDK - Problem with client credentials on ios

    Broadcom Employee
    Posted Dec 30, 2018 06:24 PM

    As Sascha Preibisch suggested, an apparent problem is the callback url.

    For ios apps, it should be,

    https://ios.ssosdk.ca.com/ios

     

    For android apps, it should be,

    https://android.ssosdk.ca.com/android