403 Forbidden when requesting {{baseUrl}}/devices

Hi

We are seeing an issue where we are getting a 403 Forbidden when requesting {{baseUrl}}/devices.
This has been working in the past and stopped working recently.

Here is the setup:

  1. We have an External Application defined with Client ID/Secret here: https://smartthings.developer.samsung.com/workspace. Permissions - r:devices:, r:locations:, x:devices:* granted.
  2. We are using the Client ID/Secret to get an OAuth token - this works as expected
  3. We use the access_token to query the list of devices and we get a 403 Forbidden error
  4. The same access token works fine to query the list of locations and rooms

I was able to query the list of devices by generating a Personal Access token.

Has something changed related to being able to query the devices using an access token? How do I determine what is causing the 403 Forbidden?

Thanks

Sulakshan

Tagging @jody.albritton @erickv


Hi, @khelkhelmain

Thank you for sharing. I’ve been able to replicate this issue and it is already reported. It seems that the /token endpoint isn’t generating tokens including whitelisted scopes.

As soon as I get an update, I’ll share with you the details.

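Added example, not part of the original posts and not SmartThings code: one way to check whether a 403 comes from scopes missing in the issued token is to compare the `scope` field of the token response with the scopes the application requested. It assumes the response follows RFC 6749 (space-delimited `scope`, omitted when identical to the request); the endpoint-to-scope mapping, the wildcard rule and the sample responses are constructed for illustration.

```python
import json

# Assumed mapping of endpoint to the scope it needs (illustrative, not from the thread).
REQUIRED_SCOPES = {"/devices": "r:devices:*", "/locations": "r:locations:*"}

# Scopes the application asked for when requesting the token.
REQUESTED = ["r:devices:*", "r:locations:*", "x:devices:*"]

# Constructed token responses; the access_token value is a placeholder.
SAMPLE_BROKEN = '{"access_token": "REDACTED", "token_type": "bearer", "scope": "r:locations:*"}'
SAMPLE_NO_SCOPE = '{"access_token": "REDACTED", "token_type": "bearer"}'


def granted_scopes(token_response, requested):
    """Return the set of scopes the token actually carries."""
    body = json.loads(token_response)
    scope = body.get("scope")
    if scope is None:
        # RFC 6749 section 5.1: an omitted scope means "same as requested".
        return set(requested)
    if not isinstance(scope, str):
        return set()
    return set(scope.split())


def covers(granted, required):
    """Assumed rule: an exact match, or a trailing ':*' covering the same prefix."""
    if granted == required:
        return True
    return granted.endswith(":*") and required.startswith(granted[:-1])


def audit(token_response, requested):
    """List requested scopes the token lacks and the endpoints that will be refused."""
    granted = granted_scopes(token_response, requested)
    dropped = sorted(s for s in requested if not any(covers(g, s) for g in granted))
    blocked = sorted(
        ep for ep, need in REQUIRED_SCOPES.items()
        if not any(covers(g, need) for g in granted)
    )
    return {"dropped": dropped, "blocked": blocked}


if __name__ == "__main__":
    # Report scope names only; never print the token itself.
    print(audit(SAMPLE_BROKEN, REQUESTED))
```

A non-empty `dropped` list with working `/locations` calls matches the symptom in this thread: the credentials are valid, but the token was issued without the device scopes.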

Thanks @erickv. Please let me know once you have an update. And if there is a workaround we could use.


Hi, @khelkhelmain

Our team has released the fix for this issue. Please confirm if you’re able to generate full scoped access tokens and that you can access the /devices endpoint correctly.


Thanks for the quick response Eric, appreciate it. Will test it and get back.
