Ajax in the backend + login-oauth : Access denied

[drzraf]

I've a plugin making use of Ajax like $.get('/admin/plugins/foo/foo.php', { action: 'info', cc }, null, 'json')
Using normal login it works. But using login-oauth2 the very same requests leads to 403 "Access denied".
How am I expected to modify my plugin's (hooks?) in order to make it work?

[w00fz]

Have you tried passing the withCredentials?

xhrFields: {
   withCredentials: true
}

Also I would double check that cookies are passed through with your jQuery ajax request to ensure the request you are making is sharing the same session informations

[drzraf]

Credentials it's about Authentication headers (which are not enabled on that server). The "permission denied" comes from Grav itself (HTML page message). Cookies are sent (I checked the request). So I just think that with the default login method, the request is simply accepted. But that using the login-oauth2, the endpoint must validate the auth (cookie) or maybe "initiate" a session. What's the way it must be done? Such an endpoint URL *must* be managed by Grav [router] then how do I register an ajax-endpoint admin-side, compliant with authentication-method in use? If not, how am I expected to "bootstrap" myself the authentication checking process?