Hello,
I'm working on an OAuth application, where I'm trying to retrieve information about the user that has logged in: https://invisioncommunity.com/developers/rest-api?endpoint=core/me/GETindex
Currently, I get the information without the key icon in front of it.
When I hover over the key icon, it says: "Only available when the request was made using an API key, or an oAuth Access Token obtained with the Client Credentials grant type"
So I assumed I had to enable the option "Client Credentials" under "Available Grant Types", which I did.
So what I do now is the following:
1. I send the user to: https://www.host.com/oauth/authorize/?response_type=code&client_id=CLIENT_ID&scope=profile
2. Get the code, and send a POST request to https://www.host.com/oauth/token/, with the following data:
client_id : CLIENT_ID
client_secret : CLIENT_SECRET
code : CODE
grant_type: client_credentials
scope: profile
Which returns:
{
    "access_token": "ACCESS_TOKEN",
    "token_type": "bearer",
    "scope": "profile"
}
3. Then I do a GET request to https://www.host.com/api/core/me
with the bearer authorization, where I enter the retrieved access_token.
Now I get an error: NO_PERMISSION
Why do I get this?
How will I be able to access, for example, secondaryGroups once the user has authorized?
Also, is it possible that Permissions can be set to allow only certain specific user groups to use the OAuth gateway?
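
An added example, not part of the original post and not Invision Community code: a small checker that compares a token request body with the parameters RFC 6749 defines for the authorization_code and client_credentials grants, run on the step 2 request above. The function name, the table layout and the second sample request are assumptions made for illustration.

```python
# Added example, not from the post or from Invision Community.
# Parameter sets follow RFC 6749 section 4.1.3 (authorization_code)
# and section 4.4.2 (client_credentials). All names are hypothetical.
GRANTS = {
    "authorization_code": {
        "required": {"grant_type", "code"},
        "optional": {"redirect_uri", "client_id", "client_secret"},
        "subject": "resource owner (the user who approved step 1)",
    },
    "client_credentials": {
        "required": {"grant_type"},
        "optional": {"scope", "client_id", "client_secret"},
        "subject": "client application (no user is involved)",
    },
}


def check_token_request(params):
    """Return (token subject, findings) for a token request body."""
    grant = params.get("grant_type")
    if grant not in GRANTS:
        return None, [f"unsupported or missing grant_type: {grant!r}"]
    spec = GRANTS[grant]
    sent = set(params)
    findings = [f"missing required parameter: {name}"
                for name in sorted(spec["required"] - sent)]
    findings += [f"parameter not defined for {grant}: {name}"
                 for name in sorted(sent - spec["required"] - spec["optional"])]
    return spec["subject"], findings


# Constructed sample: the step 2 request body, placeholders as posted.
POSTED = {
    "client_id": "CLIENT_ID",
    "client_secret": "CLIENT_SECRET",
    "code": "CODE",
    "grant_type": "client_credentials",
    "scope": "profile",
}
# Constructed sample: the same code sent under the grant that consumes it.
CODE_EXCHANGE = {k: v for k, v in POSTED.items() if k != "scope"}
CODE_EXCHANGE["grant_type"] = "authorization_code"

if __name__ == "__main__":
    for label, body in (("posted", POSTED), ("code exchange", CODE_EXCHANGE)):
        subject, findings = check_token_request(body)
        print(f"{label}: token represents the {subject}")
        for finding in findings:
            print(f"  - {finding}")
```

The checker only reflects the RFC 6749 parameter definitions; how a particular server maps each kind of token to endpoint permissions is not modelled here.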