
We want to provide access for customers to certain data via the API using the resource owner password credentials flow. We can successfully log in to get a token if the login type is UI or unrestricted, but we need to limit the user to API so they can’t log in directly through the UI. Is this possible?

Details

  1. The first screenshot shows the normal token request when the username has a login type of UI or unrestricted.
  2. In the second screenshot we limit the user type to API only.
  3. The third screenshot shows how the same Postman request from #1 now provides an error that only API requests are available for the user.

Is it not possible to lock the user account down to only allow API access but also get a token?

 

@KurtBauer looks like a bug to me. 

We’ll check and report to engineering if it is.


@Dmitrii Naumov were you able to determine if my post above is a bug?  I’d like to let the client know.

Thanks


@KurtBauer we need more time to verify that.


@Dmitrii Naumov Are there any updates if this is a bug or should I open a case?  


@KurtBauer what version do you have? 

We’ve checked on our side and it seems to work fine with the scenario you’ve described.


The site is on 23.211.0017


Hi @KurtBauer I’ve tried in 23r2 and searched the bug tracker.

This issue has already been reported and resolved in 24r2. Unfortunately, in earlier versions the bug is indeed present.

