Integration problem between Keyrock, fiware-pep-proxy and orion-ld #152
Description
After correctly configuring both keyrock and pep-proxy. Registering the application, users, permissions, etc. I performed the normal steps of obtaining the oauth2 token and then using it to make queries to the Context Broker.
However, although it received a positive authorization from the Keyrock, it got a negative decision from the fiware-pep-proxy.
Analyzing the problem in the keyrock log I got the following:
GET /user?access_token=b7d76f3bd48fdb9aa66679e77ddc8af26084cac2&app_id=2f3389f7-4893-4874-9825-bf816ff37329&action=GET&resource=/ngsi-ld/v1/entities/ 201 26,373 ms - 386.
However, from the pep-proxy side I received a:
User access-token not authorized
urn:dx:as:InvalidRole
It seems that the failure is in dealing with a decision by the Keyrock with empty body.
Line 60 of the lib/access_functions.js file
exports.adjudicate = function (req, res, decision) {
console.log("Decision: " +decision);
if (decision) { //<--- Here would be the problem
permit(req, res);
} else {
deny(res, 'User access-token not authorized', 'urn:dx:as:InvalidRole');
}
};