Kappa0xc0035fd6 Posted August 6, 2020 Posted August 6, 2020 Hello, I'm working on a oauth application, where I'm trying to retrieve information about the user that has logged in:https://invisioncommunity.com/developers/rest-api?endpoint=core/me/GETindex Currently, I get the information without they key icon in front of it. When I hover over the key icon, it says: "Only available when the request was made using an API key, or an oAuth Access Token obtained with the Client Credentials grant type" So I assumed I had to enable the option "Client Credentials" under "Available Grant Types", which I did. So what I do now is the following: 1. I send the user to: https://www.host.com/oauth/authorize/?response_type=code&client_id=CLIENT_ID&scope=profile 2. Get the code, and send a POST request to https://www.host.com/oauth/token/, with the following data: client_id : CLIENT_ID client_secret : CLIENT_SECRET code : CODE grant_type: client_credentials scope: profile Which returns: { "access_token": "ACCESS_TOKEN", "token_type": "bearer", "scope": "profile" } 3. Then I do a GET request to https://www.host.com/api/core/me with the bearer authorization, where I enter the retrieved access_token. Now I get a error: NO_PERMISSION Why do I get this? How will I able to access for example: secondaryGroups once the user authorized? Also, is it possible that Permissions can be set to allow only certain specific user groups to use the OAuth gateway?
Recommended Posts