After creating an OAuth2 authorization token, I still don't have any permissions. Why's that?

I have created an authorization token following the steps outlined in How do I create an OAuth2 token? (but this time with the production server rather then the test server).

I have changed the request url by adding a few prefs:

echo "  $AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=read_prefs+write_prefs+write_api+read_gpx+write_gpx+write_notes+write_diary"

After logging myself in to, I am asked authorize the following permissions, which I do:

  • Read user preferences
  • Modify user preferences
  • Modify the map
  • Read private GPS traces
  • Upload GPS traces
  • Modify notes
  • Create diary entries, comments and make friends

After authorizing them, it seems to me that I should have them. However, when I do in a shell:


I still have no permissions:

 curl -H "Authorization: Bearer $AUTH_CODE"

 <?xml version="1.0" encoding="UTF-8"?>
<osm version="0.6" generator="OpenStreetMap server" copyright="OpenStreetMap and contributors" attribution="" license="">

Where are steps 3 and 4 of the protocol?
I think the access token still needs to be created.

This mentioned access token is required here instead of the authorization code.