Oauth Client Credentials + @apiclientonly

Marcher Technologies · November 12, 2018

If the method is commented to have @apiclientonly in the docblock, instead of denying only OAuth Access Token use, it denies any use other than API key.

This is directly counter the documentation: https://invisioncommunity.com/developers/rest-api?endpoint=core/members/POSTindex

On the surface, the problem seems to be that such methods are not actually available to be granted permissions in the scopes selection form in the ACP for Oauth Client Credentials.

I can't imagine this is intended given the documentation and code. I would appreciate it if this could be looked into, thank you. It is vastly preferred to use the security superior oauth for such work.

Mark · November 12, 2018

What's the error you're getting?

Marcher Technologies · November 13, 2018

{
"errorCode": "2S291\/3",
"errorMessage": "NO_PERMISSION"
}

To note, Other calls to endpoints actually listed in the scopes tab for oAuth Client config work:

The same for an API Key:

Note the missing endpoints in the former's case. I suspect this to be the root cause.

bfarber · November 15, 2018

We'll take a look, thanks

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Oauth Client Credentials + @apiclientonly

Recommended Posts

Marcher Technologies

Mark

Marcher Technologies

bfarber

Archived

Recently Browsing 0 members

More