The access check for user/%user/oauth/authorizations/%oauth_common_provider_token is currently

    'access callback' => '_oauth_common_user_access',
    'access arguments' => array(1, 'oauth authorize consumers'),

This fails because there is no 'oauth authorize consumers' permission.

There is one for 'Authorize any OAuth consumers' which seems overly broad and in addition there are permissions like 'Authorize OAuth consumers in NAME<\i>'. Using the later though would require a different access function that takes both user and token.

Comments

jobeirne’s picture

This was fixed in one of the last few commits. Thanks for the report.

jobeirne’s picture

Status: Active » Closed (fixed)