Error 403 when trying to refresh access token via REST API
Summary
I try to refresh an access token via TER REST API. The access token was generated with permissions extension:read
and extension:write
. All other endpoints work smoothly, but when requesting /auth/token/refresh
, I keep getting a 403 response.
Side note: I am able to refresh the exact same token via TER UI at https://extensions.typo3.org/my-access-tokens/refresh.
Steps to reproduce
- Create access token with permissions
extension:read
andextension:write
- Try to refresh access token via TER REST API (see curl example below)
Example URL
Example request:
curl -X POST https://extensions.typo3.org/api/v1/auth/token/refresh -H "Authorization: Bearer xxx" -d "token=yyy"
What is the current bug behavior?
Error 403 response, token is not refreshed.
What is the expected correct behavior?
201 response as written in the API specification.
Relevant logs and/or screenshots
API response:
{"status":403,"code":1602754893,"error":"access_denied","error_description":"The user lacks necessary permissions for this endpoint."}