
I’m really having a hard time with the GitOps sync. I’ve repeatedly followed the steps to generate a bearer token and am always getting “Forbidden” when I attempt to make the production leader sync. This has worked in the past.

mkdir -p ~/.auth
curl http://<Leader-URL-or-IP>:9000/api/v1/auth/login -H 'Content-Type: application/json' -d "{\"username\":\"<username>\",\"password\":\"<password>\"}" 2>/dev/null | jq -r .token > ~/.auth/token
export JWT_AUTH_TOKEN=`cat ~/.auth/token`
export AUTH_HEAD="Authorization:Bearer `cat ~/.auth/token`"
curl -X POST "http://<Leader-URL-or-IP>:9000/api/v1/version/sync" -H "accept: application/json" -H "${AUTH_HEAD}" -d "ref=prod&deploy=true"

Any suggestions?

One other note, I started really having trouble with this after upgrading to 4.2.1


This may be an issue with auth role changes in the most recent release due to our auth model changing. I’ll verify and get back to you soon.


For clarity, which role does the user have that is generating the bearer token?


I’m currently falling back to a local admin user to generate the bearer token


Which role were you using before?


Same one

Same account, I mean


Was the role admin on both accounts?


I mean in both instances


Yes

In this case, I used the same account which has the admin role

It worked before upgrading to 4.2.1


No worries. I’ll be at my laptop in about an hour. Want to grab some time?


Now I can’t get it to work

I’d love some help, yes!


Still 7:30am where I am. Will ping you as soon as I’m fully online.


Sounds great!


For this thread: the sync endpoint is returning forbidden for a local user with admin permissions. We tested this via the API tool in the prod environment UI (thanks Joshua for the time).

Joshua also showed me that AD users are unable to fetch tokens, so will file something for that to take a look.


Support / bug .. that makes sense


All, spoke with eng about this, there is a fix coming in 4.2.2. Unfortunately it is not a policy update we can make. The sync endpoint will be unblocked in the next release timed for next week. @Joshua Cook working on a plan for you in the interim

Also filed a story for ensuring that AD users can pull bearer tokens and use the APIs

