edent
Has the OAuth scope changed?
Just started looking into this API as a new i3 owner. The OAuth token retrieval does not seem to accept "remote_services vehicle_data" as a valid scope:
% curl \
-H "Authorization: Basic yes-i-fished-it-out-from-the-apk==" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&username=me%40my.email&password=verysecret&scope=remote_services+vehicle_data" \
"https://b2vapi.bmwgroup.com/webapi/oauth/token/"
and I get the result:
{
"error" : "invalid_scope",
"error_description" : "The requested scope is invalid, unknown, or malformed."
}
Also tried with other scope values (such as authenticate_user) but no luck. If I leave the scope parameter out, I am granted an access_token with scope=journey_mate but it cannot be used to access the API, resulting in an error:
% curl -H "Authorization: Bearer magic-token-here" "https://b2vapi.bmwgroup.com/webapi/v1/user/vehicles/"
{"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed, or invalid for other reasons."}
Am I doing something wrong here or has the API structure changed? The journey_mate scope is a clear reference to the Mini app..
Sorry I have not had time to spend on this.. it looks like they are actively redoing the API with new versions of CD and exposing parts of it directly to the web clients .. thanks for reminding me, I'll try to spend an hour on this soon.
I have the same problem. Getting the following result on ubuntu: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
Sadly I don't have an i3 any more. I can take a look if someone wants to buy me one (😂).
