I've got a user trying out the API on my test system.
He's just reported that when he logs in using his account, he gets the following response:
Code:
{
"scope" : "read post usercp conversate admincp",
"refresh_token" : "1768ea.......c756a9a",
"access_token" : "bf2f12....53dee384c862f1",
"expires_in" : 3600
}
His XF user is not an admin so should not have the admincp scope as far as I'm aware?
"Automatically authorize ADMINCP-scope" is not enabled and neither is the [bd] API: Create Client: permission.