I’ve encountered a problem with the invite feature. I would like to create a stream on our site and add people to it later. I’m using graphql for this, and it creates the stream without any issues, but every time I try to add someone, I get a message that I don’t have the necessary permissions.
We’ll need some more context to understand what’s going on. Are you self-hosting or running these against Speckle on the cloud? If you’re self-hosting - what speckle server version is it and have you made any modifications to it yourself? Also - can you please post the actual error response body? And how did you create SPECKLE_MAIN_KEY - is it a personal access token? What kind of scopes did you give it access to?
Judging by the screenshot I can already see a problem, however - you’re passing in your token in the Authorization header without the ‘Bearer’ prefix (I presume). The header value has to be Bearer {TOKEN} not just {TOKEN}
The header is accepted without any issues elsewhere using this method, for example, fetching data, creating and deleting streams.
In this case, for example, it works flawlessly:
@Gircsi117 My screenshot is not an example of a GQL query, but the definition of our GQL schema. It shows that you need the “users:invite” scope for your token to be able to invoke the streamInviteCreate mutation.
Judging by the screenshot you posted in your previous reply, your token does not have such a scope. After consulting with the team, I’ve come to understand that the “users:invite” scope is allowed for first party apps only to discourage people from programmatically spamming invite creation.
Hi @AG_AOSM - yes, it unfortunately is as at the time we considered it good practice in order to prevent invites being a vehicle for spamming others, and basically using a speckle server as a mailing server…
If you are running your own server, this can be alleviated. Go in here:
And basically add the invite scope, and make sure public: true is set. After a restart and a refresh, it should show up!
@dimitrie, sorry to revive an old thread, but could you also dm me the mad trick? We have a use case where we’d like to programmatically invite users and I’d like to understand if this mad trick is easier than patching the server deployment and making the option generally available.
For your deployment we can connect SCIM providers into workspaces and you can actually manage server and workspace access in your Active Directory. Is that something you would be interested in setting up?