I am trying to use Intelligent City. Even though I have added all the authorities and my client 'rupam:rupam' is getting authenticated in predix starter, I am able to see the authority predix parking 'https://rupam.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token' is not trusted because it is not in the configured list of trusted issuers: [https://99de7138-bbdb-4c6a-aa1a-0836122bb4a6.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token].
I am using Scriptr.io's predix module
Hi @eric.dargelies@ge.com, Could you help me on the similar issue?(Stuck for a while ) Please check my above question. Appreciate any help.
Regards
Musa
Hi, I see the same error from native ios app(Using IOS SDK). I've provided the trusted user ID while created the service instance, see following example command -
cf create-service location-intelligence Free location-intelligence-test -c '{"trustedIssuerIds":["https://test.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token"]}'
I'm sending a REST call to -
https://location-intelligence-service-GA-mvp1.run.aws-usw02-pr.ice.predix.io/location-intelligence/geocode-service/v1/transient/basic/reverseGeocode?x=-104.60946869999998&y=50.448169400000005
and I got
{
error = "invalid_token";
"error_description" = "The issuer 'https://test.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token' is not trusted because it is not in the configured list of trusted issuers: [https://bc9faa25-7f45-4ba0-9f49-26csdsdsd82b45.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token].";
}
Appreciate any help. Musa
Hi Abhishek,
The list of trusted issuers is populated when the instance of the service is first created. Afterwards, the Predix-Zone-Id is linked to and only trusts this uaa/issuer. So you are using a zone id that will only work in combination with a token issued by that uaa (https://99de7138-bbdb-4c6a-aa1a-0836122bb4a6.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token). So you have a couple options, if you can generate a token using client credentials for the trusted uaa proceed with that. You can also create a new instance and configure it to trust your uaa. For example (by using CF CLI)
cf create-service rupam-instance -c '{"trustedIssuerIds":["https://rupam.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token"]}'
And then the Predix-Zone-Id associated with rupam-instance will accept tokens from the rupam.predix-uaa. Feel free to reach out if you run into any more problems.
