OpenAPI spec states that each path should list the valid oAuth scopes which are required. The consumers module implements scopes as Drupal Roles, in order to provide logical groupings. This means that we need determine what permissions are required for a given endpoint, and reverse this to determine what roles have those permissions, and then return those. This is a complicated process but should be implemented.

Comments

richgerdes created an issue.