4 Replies Latest reply on Nov 14, 2014 2:59 PM by kbarnard

    oAuth and session grant

    kbarnard

      I have followed this document OAuth 2.0  and created an add-on for oAuth.  This works great as I am able to use grant_type=session in the oAuth process to get access and refresh token.  My account is an admin account and I installed the add-on.  I have given this to a regular user who does not have permission to edit add-ons.  Every time he tries to get the access token he get's a 401 forbidden.  I am running in Jive cloud and have no idea what could be causing this.  Any ideas as to why it would work for me and not him, besides the obvious client secret is wrong which I have checked.

        • Re: oAuth and session grant

          that particular grant_type was added for a specific purpose, not intended for general use, that said, use of it requires

          • Client Id
          • Client Secret
          • Session cookie.

          When you say "I have given this to a regular user", what exactly did you give? How is the regular user making the OAuth request to obtain an access token?

            • Re: oAuth and session grant
              kbarnard

              I have given him the Client ID and Client Secret and he has the ability to get the session cookie via SAML integration.  The use case here is to automate content updates in his group, which cannot be done using a regular federated SAML based account.  My thoughts are the he is somehow not getting the session key or that he is getting the Client ID/Secret wrong.  Is there something else on the Jive side that would prevent this from working?  I think this falls in the use case for using that grant_type as the RESTful API doesn't support SAML based POST/PUT calls.