Skip to content
This repository was archived by the owner on Nov 11, 2022. It is now read-only.
This repository was archived by the owner on Nov 11, 2022. It is now read-only.

Has the OAuth scope changed? #42

Description

@vaizki

Just started looking into this API as a new i3 owner. The OAuth token retrieval does not seem to accept "remote_services vehicle_data" as a valid scope:

% curl \
   -H "Authorization: Basic yes-i-fished-it-out-from-the-apk==" \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -d "grant_type=password&username=me%40my.email&password=verysecret&scope=remote_services+vehicle_data" \
   "https://b2vapi.bmwgroup.com/webapi/oauth/token/"

and I get the result:

{
  "error" : "invalid_scope",
  "error_description" : "The requested scope is invalid, unknown, or malformed."
}

Also tried with other scope values (such as authenticate_user) but no luck. If I leave the scope parameter out, I am granted an access_token with scope=journey_mate but it cannot be used to access the API, resulting in an error:

% curl -H "Authorization: Bearer magic-token-here" "https://b2vapi.bmwgroup.com/webapi/v1/user/vehicles/"
{"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed, or invalid for other reasons."}

Am I doing something wrong here or has the API structure changed? The journey_mate scope is a clear reference to the Mini app..

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions