Try our conversational search powered by Generative AI!
AI OnAI Off
EPiServer.ContentDeliveryApi 1.0.1
EPiServer.ContentDeliveryApi 2.1.0
Jun 27, 2018
Oct 30, 2018
Closed, Won't Fix
Steps to reproduce:
1. Configure ContentApiOptions settings in code as sample below:
var contentApiOptions = new ContentApiOptions { RequiredRole = "RequiredGroup", MinimumRoles = "MinimumGroup" };
2. Create 2 groups named as above and apply Read right to all content.
3. Create an AuthUser in MinimumGroup
4. Send a POST request to create an access token for AuthUser
5. Delete MinimumGroup and/or AuthUser
6. Send a GET request to get content by using the access token above when it's not yet expired:
{{EPCMSHost}}/api/episerver/v1.0/content/5
Expected:
Returns response code 403 Forbidden.
Actual:
Returns content data.
Note: Fix a similar issue for inactive/locked user.