I can log in as admin, but other users try to login via their browser window and get that error. I don't think I want authenticated users to have that permission. Any suggestions on how to troubleshoot?
You must be using the older addon for Oauth2 given you site is 3.2 ... in 3.3 now part of core.
Question ... are you allowing users to connect using the mobile app?
In order to do so, users would need to be able to create a token.
Pick a user:
and see permissions.
Have a 3.2 site running the older plugin but is allowing mobile and users can authenticate with browser via Google.
'spirit of sharing', Ken
As I see it there are two types of tokens:
is allowed for authenticated users, however
is not allowed. It looks like that has more security risks. But should I turn it on for authenticated users?
yes, allowing moodle/webservice:createtoken for authenticated users should be fine and is the same as dangerous than moodle/webservice:createmobiletoken