API V2 authorization error using APIKEY
As far as I can tell, APIKEY authorization according to:
http://help.wildapricot.com/display/DOC/API+V2+authentication
is broken.
This example:
POST /auth/token HTTP/1.1
Host: oauth.wildapricot.org
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/x-www-form-urlencoded
granttype=clientcredentials&scope=contacts finances events
simply doesn't work, always returning a "scope xxxx is not available for current client" for every scope I've tried (from the table on the same page).
Is this just completely broken, or something is missing. I note that there is no place in the API for the "application name". I also note that I don't get an "authorization error", as I would get if I use an incorrect base64-encoded API key, so it must be authenticating correctly.
Has anyone used APIKEY authentication? If so, does someone have a simple cURL command that proves it works?
Eric
shared this idea
The reason was a new line in ‘scope’ value.
-
Eric
commented
To update (and why oh WHY doesn't this forum show dates on these posts!???) the problem was a dangling newline in the POST data. It was confusing because the same dangling newline is in the POST for client_credentials\n, but it didn't complain about this, only when it was on the scope=whatever\n did the call complain.
-
Eric
commented
Well, it turns out that *omitting* the scope parameter succeeds in getting back an access token -- although the returned "AvailableScopes" array is empty.
How does one create available scopes? And why does the documentation say that "scope=auto" should return all available scopes, when in fact it returns an error?
