Kappa0xc0035fd6 Posted August 6, 2020 Share Posted August 6, 2020 Hello, I'm working on a oauth application, where I'm trying to retrieve information about the user that has logged in:https://invisioncommunity.com/developers/rest-api?endpoint=core/me/GETindex Currently, I get the information without they key icon in front of it. When I hover over the key icon, it says: "Only available when the request was made using an API key, or an oAuth Access Token obtained with the Client Credentials grant type" So I assumed I had to enable the option "Client Credentials" under "Available Grant Types", which I did. So what I do now is the following: 1. I send the user to: https://www.host.com/oauth/authorize/?response_type=code&client_id=CLIENT_ID&scope=profile 2. Get the code, and send a POST request to https://www.host.com/oauth/token/, with the following data: client_id : CLIENT_ID client_secret : CLIENT_SECRET code : CODE grant_type: client_credentials scope: profile Which returns: { "access_token": "ACCESS_TOKEN", "token_type": "bearer", "scope": "profile" } 3. Then I do a GET request to https://www.host.com/api/core/me with the bearer authorization, where I enter the retrieved access_token. Now I get a error: NO_PERMISSION Why do I get this? How will I able to access for example: secondaryGroups once the user authorized? Also, is it possible that Permissions can be set to allow only certain specific user groups to use the OAuth gateway? Link to comment Share on other sites More sharing options...
bfarber Posted August 6, 2020 Share Posted August 6, 2020 I'll close this as a duplicate of Link to comment Share on other sites More sharing options...
Recommended Posts