Firstly, tahks for your job!!!
It was the great idea in
#2841236: Password grant endpoint: do not allow authentication, when user is blocked →
but it is still allowed to get access token for blocked user in v5.2.
#2976463: Blocked user Bearer token regeneration issue →
works as expected, but why the module allows to obtain an access token when account is already blocked?
I propose use the proposed method from #2841236: Password grant endpoint: do not allow authentication, when user is blocked → if it's possible. Otherwise no way to recognize the user status before tne next request with obtained access token.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I have tested latest patch and it works perfectly.
dieterholvoet → changed the visibility of the branch 6.0.x to hidden.
Had to add a null check on the $user variable after
🐛
Return invalid_scope error when refresh token second time.
Needs work
was released.