Venafi (Certificate Management) - Resolve "Grant not found"

by
Jeremy Canfield |
Updated: April 04 2023
| Venafi (Certificate Management) articles
This assumes you have already obtained a Bearer Token using curl. Let's say you attempt to verify your Venafi Bearer Token (abc123 in this example).
curl
--insecure
--request GET
--header "Authorization: Bearer abc123"
--header "Accept: application/json"
--url https://tpp.example.com/vedauth/authorize/verify
And the following is returned.
{
"error":"invalid_token",
"error_description":"Grant not found"
}
This most likely means that your Bearer Token has expired. A good starting point is to request a new Bearer Token.
curl
--insecure
--request POST
--header "Content-Type: application/json"
--url https://tpp.example.com/vedauth/authorize/oauth
--data '{ "client_id": "foo", "username": "john.doe", "password": "itsasecret", "scope":"agent:delete;certificate:approve,delete,discover,manage,revoke;ssh:manage,delete,discover,approve;configuration:delete,manage;restricted:delete,manage;security:delete,manage;codesign:delete,manage;statistics" }'
With the new bearer token, you should no longer get "Grant not found" and instead, something like this should be returned.
{
"access_issued_on":"\/Date(1623839498030)\/",
"access_issued_on_ISO8601":"2021-06-16T10:31:38Z",
"access_issued_on_unix_time":1623839498,
"application":"foo",
"expires":"\/Date(1655375498030)\/",
"expires_ISO8601":"2022-06-16T10:31:38Z",
"expires_unix_time":1655375498,
"grant_issued_on":"\/Date(1623839498030)\/",
"grant_issued_on_ISO8601":"2021-06-16T10:31:38Z",
"grant_issued_on_unix_time":1623839498,
"identity":"bar:6457517e-04a5-46e4-8ed4-7e515764a504",
"scope":"agent:delete;certificate:approve,delete,discover,manage,revoke;codesign:delete,manage;configuration:delete,manage;restricted:delete,manage;security:delete,manage;ssh:approve,delete,discover,manage;statistics",
"valid_for":31536000
}
Did you find this article helpful?
If so, consider buying me a coffee over at