diff --git a/www/content/tutorials/preview-mode/create-oauth-client.mdx b/www/content/tutorials/preview-mode/create-oauth-client.mdx index 7bb38b66..a126db56 100644 --- a/www/content/tutorials/preview-mode/create-oauth-client.mdx +++ b/www/content/tutorials/preview-mode/create-oauth-client.mdx @@ -27,13 +27,17 @@ As from `next-drupal 1.5`, user roles are used for OAuth scopes. The scopes are Next, assign the following permissions to the newly created role. -- Bypass content access control -- Issue subrequests -- View user information +- 'access content' +- 'access user profiles' +- 'issue subrequests' +- 'view all revisions' +- 'view any unpublished content' +- 'view latest version' +- 'view media' -We are assigning the _Bypass content access control_ permission to allow Next.js to access unpublished content and revisions. +We are assigning the _view all revisions_ and _view any unpublished content_ permissions to allow Next.js to access unpublished content and revisions. This scope is only going to be used when making authenticated requests from Next.js to Drupal. @@ -55,7 +59,7 @@ const articles = await drupal.getResource( ## 3. Create User -Add a new user at `/admin/people/create` and **assign them all the roles that are going to be used for scopes, including the administrator role and the role we created above**. +Add a new user at `/admin/people/create` and **assign them all the roles that are going to be used for scopes, including the role we created above**. ---