Jump to content

Oauth Client Credentials + @apiclientonly

Recommended Posts

If the method is commented to have @apiclientonly in the docblock, instead of denying only  OAuth Access Token use, it denies any use other than API key. 

This is directly counter the documentation: https://invisioncommunity.com/developers/rest-api?endpoint=core/members/POSTindex

On the surface, the problem seems to be that such methods are not actually available to be granted permissions in the scopes selection form in the ACP for Oauth Client Credentials.

I can't imagine this is intended given the documentation and code. I would appreciate it if this could be looked into, thank you. It is vastly preferred to use the security superior oauth for such work.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...