Following the changes to the Open Data Hub and API gateway, there are some changes to OAuth 2 authentication.
The previous version of the gateway allowed a non-standard security protocol for obtaining OAuth bearer tokens: it accepted the grant type and scope passed in as a URL query string. The current version of the gateway has closed this loophole, and you now need to ensure these parameters are in the POST body.
For example, using curl we previously accepted:
curl -X POST -H "Authorization: Basic xxxxxx" "https://api-beta.np.tfnsw.com.au/auth/oauth/v2/token?grant_type=client_credentials&scope=user"
Now we only accept:
curl -X POST -H "Authorization: Basic xxxxxx" --data "grant_type=client_credentials&scope=user" https://api.transport.nsw.gov.au/auth/oauth/v2/token
If you were using OAuth 2 authentication for your apps, you may continue doing so. However, we strongly encourage switching to the API Key authentication method, as it's simpler to use and has fewer issues.
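For apps that build the token request in code rather than with curl, the following added example (not the gateway's or Transport for NSW's own code) moves `grant_type` and `scope` out of a legacy query string and builds the POST-body form of the request described above. The function names `split_legacy_url` and `build_token_request` are hypothetical, and the credentials are constructed.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Parameters that must travel in the POST body, not the URL.
BODY_ONLY = {"grant_type", "scope"}


def split_legacy_url(url):
    """Move grant_type/scope from a legacy query string into a form body.

    Returns (clean_url, body_params); other query parameters stay on the URL.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    body = [(k, v) for k, v in pairs if k in BODY_ONLY]
    keep = [(k, v) for k, v in pairs if k not in BODY_ONLY]
    clean = urlunsplit(parts._replace(query=urlencode(keep)))
    return clean, dict(body)


def build_token_request(token_url, client_id, client_secret, scope="user"):
    """Build (but do not send) a client_credentials token request."""
    clean_url, moved = split_legacy_url(token_url)
    if moved:
        # Fail early instead of letting the gateway reject the request.
        raise ValueError(f"move {sorted(moved)} from the URL into the POST body")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return Request(
        clean_url,
        data=body.encode("ascii"),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    req = build_token_request(
        "https://api.transport.nsw.gov.au/auth/oauth/v2/token", "demo-id", "demo-secret"
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned request to `urllib.request.urlopen` to send it; building it separately lets you check the URL and body before any credentials leave the app.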