I think the docs are correct since it states that the user is not allowed to get a token, but, I'm not sure if granting a role should be authorized or not (which is not what the docs are saying).
I think the docs are correct since it states that the user is not allowed to get a token, but, I'm not sure if granting a role should be authorized or not (which is not what the docs are saying).