I’m wondering if anyone has figured out the new Authorization system for REST API following the upgrade of 3-4 weeks ago?
The auth token returned by my code and the one used by the browser accessing the website seem to be the same except that one is
and the other
… plus various numbers like jti and session_state.
I have tried to cut and paste the website auth token into my code, but it complains about “No credentials fround for given ‘iss’.” So I think browser is sending some extra data in the Referer Request Header, or worse in the Cookie Request Header.
A work-around might be just to mimic the website in requesting authorization, which uses requests like
rather than the old
This high-quality security can be a nuisance!