Problem: token.php checks in context_system::instance() if the user can create tokens. Which is wrong because then he/she would be able to access all courses. But I want this user to be allowed to create a token only for the courses he/she is enrolled in.
How would I do that?
So I created a web services as per https://docs.moodle.org/28/en/Using_web_services called "test". Now if i hit http://localhost:4443/login/token.php?username=student&password=Student123%23&service=test I get a permission error.