- Issue created by @aathi179
- 🇳🇱Netherlands bojan_dev
The password credentials grant is no longer supported in 6.0, see: https://www.drupal.org/node/3315400 →
Did you mean simple_oauth 5.2? sorry, it's worked. i was sending access token and refresh token for getting new access token that's why i got unauthorized access error. but, when i sent only refresh token without `authorization header -- bearer access-token` it worked. thank you @bojan_dev.
- 🇲🇾Malaysia amal.bukhari
Hi all,
Since the original post has started albeit for a different version, I'd just ask for help here.
I'm using 5.2 with password grant type. I know it's not safe, but this is for testing purposes only.
I have generated the access and refresh tokens from /oauth/token.
Now, I want to generate a new access token, so I used the refresh token from above in /oauth/token, but with the grant_type now is refresh token, with the refresh_token being the refresh token from above. By right, I should get a new access token.
This is achievable only once. For subsequent requests, I'm getting "Token has been revoked".
- 🇲🇾Malaysia amal.bukhari
Found it. Requesting for a new access token also gives a new refresh token.
- 🇲🇾Malaysia amal.bukhari
A new problem appears. From above, after requesting a new access token using the refresh token, I cannot post nodes. The error thrown is "The 'access content' permission is required".
This error is not thrown if I get a fresh new token (from grant_type=password) instead of regenerating (grant_type=refresh_token).
- 🇲🇾Malaysia amal.bukhari
Upon searching, this can be overcome without specifying the scope parameter.