Duplicate API - "Super user key" missing scope

iDrunK65250

iDrunK65250

Member
Affected version
2.3
Hello,
When I try to retrieve the information of a specific user (in my case ID 2), I get a missing scope error "user:read".

(GET https://mysuperxenforoforum.com/api/users/2)
1720949343236.webp

After checking my key is valid
1720949447812.webp

I created a second key, this time a "User key" with all the scopes and obtained the same result.
I created a third "User Key" with the "user:read" scope. And this time the request worked.

So the bug is that the api doesn't check whether the key has the "allow_all_scopes" field set to true and therefore forces the use of scopes in all cases.
 
Fixed in 2.3.1:

AspectUnk

Fixed Thread 'All scopes does not work correctly'

Hello. After I upgraded to XF 2.3, the "All scopes" option does not work, even though the value in the database column allow_all_scopes is set to 1. If I manually set all scopes, the API key works. I tested it on the endpoint "/index.php?api/auth". Btw this is super user key

KMFU6BmaQJ.webpnQhBsrv3rr.webpGlDAThxKC3.webp
  • Like
 

Similar threads

D
  • Locked
Not a bug Connected Plugin to Staging Site, API will Not Connect User Permissions
Replies
3
Views
875
Paul B
P
Artis
  • Question Question
XF 2.2 Error updating Super admin password update with REST api
Replies
2
Views
907
Artis
Artis
kmecpp
XF 2.2 is_banned field missing from API response XF 2.2.1?
Replies
2
Views
934
Mike
Mike
G
XF 2.1 All scopes API key not allowed to get all users or update user
Replies
5
Views
2K
crondoc
C
Assadi
XF 2.1 Unexpected API response
Replies
4
Views
2K
fahad ashraf
fahad ashraf
Back
Top Bottom