Jump to content

Accessing user data with Client Credentials as requirement

Recommended Posts


I'm working on a oauth application, where I'm trying to retrieve information about the user that has logged in:

Currently, I get the information without they key icon in front of it.

When I hover over the key icon, it says: "Only available when the request was made using an API key, or an oAuth Access Token obtained with the Client Credentials grant type"
So I assumed I had to enable the option "Client Credentials" under "Available Grant Types", which I did.

So what I do now is the following:

1. I send the user to: https://www.host.com/oauth/authorize/?response_type=code&client_id=CLIENT_ID&scope=profile

2. Get the code, and send a POST request to https://www.host.com/oauth/token/, with the following data:
client_id : CLIENT_ID
client_secret : CLIENT_SECRET
code : CODE 
grant_type: client_credentials
scope: profile

Which returns:
    "access_token": "ACCESS_TOKEN",
    "token_type": "bearer",
    "scope": "profile"

3. Then I do a GET request to https://www.host.com/api/core/me
with the bearer authorization, where I enter the retrieved access_token.

Now I get a error: NO_PERMISSION

Why do I get this? 
How will I able to access for example: secondaryGroups once the user authorized?

Also, is it possible that Permissions can be set to allow only certain specific user groups to use the OAuth gateway?

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...