I've been trying to find an answer for this very same question.
I've set up the correct RESTful Service Privilege, which is selected in the "Required privileges" drop-down; the user used for testing is assigned to the group belonging to this same Service Privilege. (Basically what the post above explained.)
What authentication scheme does the RESTful Service module use with a set-up like this? I cannot get past the 401 page. How exactly are we supposed to pass on authentication data when consuming a RESTful Service with 'Required privilege' enabled? There seems to be no documentation for this particular case.
This is documented in restful_services_devguide.html, which apparently isn't available online. It comes with the APEX Listener installation, I believe.
The gist of it is:
- Create a user belonging to the OAuth 2.0 Client Developer group
- That user can now register a 3rd party application at the URL http(s)://server:port/apex/<workspace>/ui/oauth2/clients/
- Once registered, one can obtain an access token at https://server:port/apex/<workspace>/oauth2/auth?response_type=token&client_id=CLIENT_IDENTIFIER&state=STATE - the application is responsible for providing the state string, which should be randomly generated to prevent CSRF
- Once you have the token, you can query the protected webservice by supplying the request header "Authorization: Bearer ACCESS_TOKEN"
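
The client side of the steps above, as an added example that is not part of the original post or of Oracle's documentation: it generates the random state, builds the authorization URL, rejects a redirect whose state does not match, and produces the Bearer header. It assumes the listener returns the token in the redirect URL fragment, as the standard OAuth 2.0 implicit grant does; the function names, the redirect URL `https://client.example/cb` and the token value are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder from the post; substitute your server, port and workspace.
AUTH_ENDPOINT = "https://server:port/apex/<workspace>/oauth2/auth"


def new_state() -> str:
    """Unpredictable per-request state value (32 random bytes, URL-safe)."""
    return secrets.token_urlsafe(32)


def build_auth_url(client_id: str, state: str) -> str:
    """Authorization request URL with response_type=token, as in the post."""
    query = urlencode({"response_type": "token", "client_id": client_id, "state": state})
    return f"{AUTH_ENDPOINT}?{query}"


def token_from_redirect(redirect_url: str, expected_state: str) -> str:
    """Return the access token from the redirect fragment; raise on bad state."""
    # Assumption: parameters arrive in the URL fragment (implicit grant).
    params = parse_qs(urlsplit(redirect_url).fragment)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison. A missing or different state means this
    # response does not belong to a request this client started (CSRF).
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    token = params.get("access_token", [""])[0]
    if not token:
        raise ValueError("no access_token: " + params.get("error", ["unknown"])[0])
    return token


def bearer_headers(access_token: str) -> dict:
    """Request header for the protected RESTful service."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    state = new_state()  # keep this in the user's session until the redirect
    print(build_auth_url("CLIENT_IDENTIFIER", state))
    # Constructed redirect, as the registered application would receive it.
    redirect = f"https://client.example/cb#access_token=SAMPLE_TOKEN&token_type=bearer&state={state}"
    print(bearer_headers(token_from_redirect(redirect, state)))
```

Store the state server-side with the user's session and use each value once; a state that is echoed back from a cookie or query parameter the attacker can set gives no CSRF protection.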