Oauth Client Credentials + @apiclientonly

Posted November 12, 20186 yr

If the method is commented to have @apiclientonly in the docblock, instead of denying only OAuth Access Token use, it denies any use other than API key.

This is directly counter the documentation: https://invisioncommunity.com/developers/rest-api?endpoint=core/members/POSTindex

On the surface, the problem seems to be that such methods are not actually available to be granted permissions in the scopes selection form in the ACP for Oauth Client Credentials.

I can't imagine this is intended given the documentation and code. I would appreciate it if this could be looked into, thank you. It is vastly preferred to use the security superior oauth for such work.

Edited November 12, 20186 yr by Marcher Technologies

November 12, 20186 yr

What's the error you're getting?

November 13, 20186 yr

Author

{
"errorCode": "2S291\/3",
"errorMessage": "NO_PERMISSION"
}

To note, Other calls to endpoints actually listed in the scopes tab for oAuth Client config work:

The same for an API Key:

Note the missing endpoints in the former's case. I suspect this to be the root cause.

Edited November 13, 20186 yr by Marcher Technologies

November 15, 20186 yr

We'll take a look, thanks

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

No registered users viewing this page.

Invision Community October: native mobile menus, auto-follow and more

Community Leaders must show up for their community

New REST API Endpoints, Webhooks and Zapier Updates

What's new in Invision Community

Oauth Client Credentials + @apiclientonly

Featured Replies

Archived

Recently Browsing 0

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)