GuidesiMIS ProfessionaliMIS EnterpriseClient Support
HomeGuidesAPI ReferenceChangelogDiscussions
GuidesiMIS ProfessionaliMIS EnterpriseClient SupportLog In

Discussions

Ask a Question
Back to All

OAuth 2.0 - Cross Site access to REST

almost 6 years ago by Stuart Lee

From my experience the only way to retrieve an OAuth token from REST, from an external client is to use authentication details of a user that is in the RemoteService role when posting.

POST: https://MyImisDomain/Asi.Scheduler/token

Otherwise, if I remove the user from this role, even for MANAGER, I see the error

{
"error": "invalid_grant",
"error_description": "Not authorized for Services."
}

Is this correct, do I always have to use the RemoteAccess role or I have I missed something?

What rights does the RemoteAccess role grant?
From my brief testing it appears to grant access to other unrelated party's data.

Is there a way to use REST, cross site, where regular public user authentication can be used and the ClaimsMapping / Templates are honoured?