Issue when calling a REST Message using OAuth via a Scripted REST Service


REST call fails with - User Not Authenticated. OAuth token has expired or has not been retrieved.

See the documentation below: !/api_doc?v=newyork&id=r_RMV2-setAuthenticationProfile_S_S


The OAuth token was originally retrieved by the admin. Probably a PRB: PRB1366292.


This is expected because when the admin gets the token initially, the access token is linked to the admin user. All requests to the third party that use this access token are made as the admin user instead of the non-admin user, and this causes a security issue.

For example, if the end user calls the REST API to get some data, it will return data that the admin user has access to, which the end user may not have access to.

If the expectation is that the OAuth access and refresh tokens retrieved by the admin can be used by end users without the end users getting access to more data on the third-party endpoint, they can apply the workaround of creating admin access or creating an ACL for that role.

We need to add admin roles to the users who are trying to access the OAuth token.
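The reasoning above can be seen in a small model, added here as an illustration and not ServiceNow code or code from the original article: the third party authorizes on the user the token was issued to, so a shared admin token returns admin-visible data to any caller. All names, users, records and the token value are constructed assumptions.

```javascript
// Simplified model, constructed for illustration. Every name here is
// hypothetical; this is not ServiceNow's implementation.

// Third-party side (constructed): records, and which user each token belongs to.
const RECORDS = [
  { title: "Payroll export", readers: ["admin"] },
  { title: "Team calendar", readers: ["admin", "end.user"] },
];
const ISSUED = { "tok-admin-constructed": "admin" };

// The third party authorizes on the token's subject. It never sees the caller.
function thirdPartyList(accessToken) {
  const subject = ISSUED[accessToken];
  if (!subject) throw new Error("invalid_token");
  return RECORDS.filter((r) => r.readers.includes(subject)).map((r) => r.title);
}

// Calling side (constructed): only the admin has completed the OAuth flow.
const CREDENTIALS = new Map([["admin", "tok-admin-constructed"]]);
const NOT_AUTHENTICATED =
  "User Not Authenticated. OAuth token has expired or has not been retrieved.";

// Per-user lookup: a caller with no token of their own gets the error.
function callAsSelf(caller) {
  const token = CREDENTIALS.get(caller);
  if (!token) return { ok: false, error: NOT_AUTHENTICATED };
  return { ok: true, data: thirdPartyList(token) };
}

// Shared token: every caller's request goes out under the admin's identity.
function callWithAdminToken(caller) {
  const data = thirdPartyList(CREDENTIALS.get("admin"));
  return { ok: true, caller, actedAs: "admin", data };
}

// Records the shared token returns that the caller is not a reader of.
function overExposure(caller) {
  const entitled = RECORDS.filter((r) => r.readers.includes(caller)).map((r) => r.title);
  return callWithAdminToken(caller).data.filter((t) => !entitled.includes(t));
}

console.log(callAsSelf("end.user"));         // fails: no token for this user
console.log(callWithAdminToken("end.user")); // succeeds, but acts as admin
console.log(overExposure("end.user"));       // data beyond the caller's access
```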


Additional Information