Frequently Asked Questions - HealthCatalyst/Fabric.Authorization GitHub Wiki

1. I get a bad request error when trying to add users to a group with valid body.

Check to make sure your group's groupSource is "Custom". Only custom group can add/remove users in the group.

2. How can I create users in fabric?

Fabric can only operate with existing users in identity providers and cannot create new user outside of defined identity providers.

3. Where are authorization logs stored?

If you installed fabric identity with Docker, you can access logs through the command docker logs fabric.authorization. If you installed directly in Windows via IIS, you should be able to view logs at C:\inetpub\wwwroot\authorization\logs.

4. Is the string comparison case sensitive?

For the most part, our API is case sensitive. The only exceptions are subjectID, identity provider name, and group name, which can be sent in from third party identity provider with different casing, so fabric identity convert them to lower case before storing and comparison.

5. What are possible causes for 403 error?

403 error typically indicates one of two possibilities:

i. The access token you are using has expired. Try getting a new access token and submit your request again.

ii. The access token you are using does not have the right scope. Check the necessary scope for the resource you are requesting and ensure you have the right scope in your access token.

6. When I tried to set up or retrieve roles and permissions for my app in fabric.authorization, I get an error that my client does not have access. I already registered my client with fabric.identity. What's going on?

You need to register your client with both fabric.identity and fabric.authorization. Register both with the same client name.