I have an Apigility backend running, integrated with Doctrine.
When I do a POST to http://localhost:8080/oauth with the following body:

{
  "grant_type": "password",
  "username": "jeff",
  "password": "test234",
  "client_id": "testclient"
}
I get a response like this:

{
  "access_token": "b10bee7e1b70d2cbb0e95f77caeac3b61707032c",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "DbAPI",
  "refresh_token": "bb440c03bd8df030615d6deaa35ed9b6ace84675"
}
Which is correct.
Next, I do a GET to http://localhost:8080/oauth/resource with the following headers:

accept: application/json
origin: http://localhost:4200 (my frontend, as allowed by zfr-cors)
authorization: Bearer b10bee7e1b70d2cbb0e95f77caeac3b61707032c
I get a response like this:

{
  "success": true,
  "message": "You accessed my APIs!"
}
Which is also correct!
BUT, when I do a GET to http://localhost:8080/user (with the same headers as the request to /oauth/resource), I get a response like this:

{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
  "title": "Forbidden",
  "status": 403,
  "detail": "Forbidden"
}
Which is NOT correct. When I disable authentication in the Apigility web UI, I get the correct response, which is an array of Users.
So, only /oauth/resource returns the correct info; the rest (when auth is activated) always returns a 403, even when using the correct access_token.
Is there any Apigility/Doctrine guru who can help me out?
As always, if you need more code snippets / info / screenshots, please let me know!