Jump to content

Featured Replies

Posted

Hello,

I'm working on a oauth application, where I'm trying to retrieve information about the user that has logged in:
https://invisioncommunity.com/developers/rest-api?endpoint=core/me/GETindex

Currently, I get the information without they key icon in front of it.

When I hover over the key icon, it says: "Only available when the request was made using an API key, or an oAuth Access Token obtained with the Client Credentials grant type"
So I assumed I had to enable the option "Client Credentials" under "Available Grant Types", which I did.

So what I do now is the following:

1. I send the user to: https://www.host.com/oauth/authorize/?response_type=code&client_id=CLIENT_ID&scope=profile

2. Get the code, and send a POST request to https://www.host.com/oauth/token/, with the following data:
client_id : CLIENT_ID
client_secret : CLIENT_SECRET
code : CODE 
grant_type: client_credentials
scope: profile

Which returns:
{
    "access_token": "ACCESS_TOKEN",
    "token_type": "bearer",
    "scope": "profile"
}

3. Then I do a GET request to https://www.host.com/api/core/me
with the bearer authorization, where I enter the retrieved access_token.

Now I get a error: NO_PERMISSION

Why do I get this? 
How will I able to access for example: secondaryGroups once the user authorized?

Also, is it possible that Permissions can be set to allow only certain specific user groups to use the OAuth gateway?

I'll close this as a duplicate of

 

 

Guest
This topic is now closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.