When I am trying to access a jsonapi resource using access_token, it's giving 403. Also, I think in this module, resource tests are faked with a controller rather than actual resources.
Create a new Functional test and try to access vocabulary resource using jsonapi, it gives 403
{
"jsonapi": {
"version": "1.0",
"meta": {
"links": {
"self": {
"href": "http://jsonapi.org/format/1.0/"
}
}
}
},
"errors": [
{
"title": "Forbidden",
"status": "403",
"detail": "The current user is not allowed to GET the selected resource. The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.",
"links": {
"via": {
"href": "http://127.0.0.1:8080/jsonapi/taxonomy_vocabulary/taxonomy_vocabulary/76aa9473-c00b-47f8-9e33-4ef66540bac0"
},
"info": {
"href": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4"
}
},
"source": {
"pointer": "/data"
}
}
]
}Closed: works as designed
6.0
Code
With my further analysis, it looks like the generated auth_token is invalid, because using postman I am able to make request successful. I will try to investigate further if I can narrow down issue.