Description
FreePBX Version
FreePBX 16
Issue Description
When an API is created, there is no owner created in the api_applications table.
For this reason, if someone need to use authorize URI, the is no association between the username and the client_id.
I forced the owner putting username id, it doesn't work anyway.
I think something is missing with this logic.
I imagine if the admin create a web-app or a single page API, then it should get a list box with the users to be associate with the client_id.
For now, the FreePBX server cannot return any token with the client_id, client_secret, code ...etc
I used this document bellow trying the web-app and single-page method, no way.
https://aaronparecki.com/oauth-2-simplified/#web-server-apps
I think samgoma should write a document giving some examples with the authorize URI usage once fixed.
Here, the link in the FreePBX forum relating this issue.
https://community.freepbx.org/t/api-web-app-type-authentication-issue/94633
However, machine to machine works fine, but it's not safe to use any remote applications for managing any FreePBX / PBXact systems.
Operating Environment
framework: 16.0.40.7
api: 16.0.13
Relevant log output
{"error":"invalid_client","message":"Client authentication failed"}