Some of the comments (was inline answers):
In order to check user information that you want (user id, user name) having an oauth2 token you have to perform the following request:
http:/account.lab.fiware.org/user?access_token=token
as explained here: https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance#get-user-information-and-roles
You can not retrieve info about tenants because the oauth2 token is an unscoped token.
Technical detail of the steps:
- The rest call to 'https://cloud.lab.fiware.org/keystone/v3/auth/tokens' returns the Keystone token in the http header ‘x-subject-token’. The JavaScript code running inside the browser is unable to read this header due to CORS restrictions.
o Solution 1: put the resulting token in a ‘X-Auth-Token’ header too.
o Solution 2: put the token in the response’s JSON body.
o Solution 3: update the CORS policies to allow using the ‘Access-Control-Allow-Headers’ to authorize the ‘Access-Control-Request-Headers’ and perhaps some other tweaks.
"You are allowed to do that in the cloud portal because both the cloud portal and the API are under the domain cloud.lab.fiware.org. If you tried from a version of the portal hosted somewhere else it would fail due to CORS policies, and that is what happens in our case.
- We are missing one of the 2 values to properly use the previous API call:
o The user’s tenant id:
§ Because a call to the rest endpoint 'https://cloud.lab.fiware.org/keystone/v3/authorized_organizations/wzU_an_idm_token' or to the rest endpoint 'https://account.lab.fiware.org/user?access_token=wzU2_an_idm_token' returns an empty result
· Solution 1: grant rights to the ‘FIC2Lab Runner’ (1d75df2ec0c1478db98a3c8db3169d63) on the IdM. This is difficult for us to do because we don’t have the necessary authorization or documentation.
o The user’s tenant name:
§ Because the call to the rest endpoint 'https://account.lab.fiware.org/user?access_token=wzU2_an_idm_token' is blocked by CORS policies.
· Solution 2: update the CORS policies
If you are a Basic user you have not any organization authorised in the cloud portal
If you are a trial or a community user you will have your cloud organization authorised in the cloud portal. In order to authorise other users inside your cloud organization:
1. Access https://account.lab.fiware.org and login
2. Switch to your Cloud organization using the "Switch session" option in the dropdown in the left upper corner.
3. Go to "Members" in the left side pannel.
4. Add the user you want to authorize as a member of the org using the "Manage" button
5. Authorize the user inside Cloud Application giving him the role "Member" using the "Authorize" button
Dear,
Thanks for contacting FIWARE support, I’ve forwarded your request to the right support. We will be back to you as soon as possible.
Best,
Daniele
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help