ever-traduora

API clients don't have the same access level as users

Open • Ellpeck opened this issue 5 years ago • 1 comment

Describe the bug

When logging in using the REST api, logging in with an API client doesn't allow the same access level as logging in with a user account with the same role.

To Reproduce

Steps to reproduce the behavior:

  1. For a project, add an admin user
  2. For the same project, add an api client and mark it as admin as well
  3. Generate an auth token using the REST api, which works fine for both
  4. Make any of the following requests using the api client's token: GET /api/v1/projects, GET /api/v1/projects/{projectId}.

When making the mentioned requests using the admin user's auth token, everything works fine. However, when making the same requests with the admin api client's auth token, they return 401 Unauthorized.

Environment (please complete the following information):

  • Device: Desktop
  • OS: Ubuntu Server + Windows
  • Version: 0.17.0

Ellpeck, Nov 07 '20 01:11

Hey, we're reworking how API tokens work so that in the future they grant auth on behalf of the user that created them, as opposed to acting on behalf of a non-user "machine". This is why right now any account or user specific request is denied via API tokens.

But as I said, we'd like to change that.

anthonynsimon, Nov 07 '20 19:11