Validate correct authorized application when entering authorized application ID, client ID and Client Secret #129
Assignees
Milestone
Comments
|
The full scope for a Server Application has 15 endpoints. Any other type of application (Read-only, WordPress) will have less. The Wild Apricot API will response to a valid API authorization includes a list of scopes. The plugin uses the scope list to determine if the API is full access or not. If not, it will show a more specific error message directing the user to change the app type to a Server Application. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently we are not validating that the authorized application we are entering is indeed a valid "full" server application. When authorizing the ID, client ID and client Secret we should do a simple API call to validate that the type of application we have is indeed a server application.
We can do this simply by calling the endpoint we know we will need to load contactfields
/accounts/:accountId/contactfields
that will generate a 403 if we don't have the right application setup. If we get a 403 show an error that says
"You have setup an incorrect authorized application type. Please make sure your authorized is setup as a 'Server application' with full read/write privileges. If you setup a WordPress application, please delete it and create a 'Server application' with full read/write privileges instead.'
If 403 is reached with the API call, log this to the error log with ERROR condition
The text was updated successfully, but these errors were encountered: