OAuth2 client list service is maybe ambiguous #579

Open
margaretha opened this issue Apr 3, 2023 · 1 comment
@margaretha (Contributor)

The parameter authorized_only in the OAuth2 Client list service is possibly ambiguous.

Only OAuth2 clients registered by a user are listed when authorized_only=false (default).

When authorized_only=true, Kustvakt does not really filter the user-registered clients, but lists all authorized clients, including those not registered by the user himself.

Kustvakt should probably include all authorized clients when authorized_only=false. We need to show which clients are owned by/have been registered by the users.

Maybe registered_by should be removed from the response for data security because it would show usernames of other users.

@hebasta commented Apr 3, 2023

registered_by:
I agree that it is a data-security-sensitive subject. On the other hand, it might be helpful information for some users, for example if you want to install only clients of a certain institution, etc.
All in all we probably should delete it, but keep that in mind.
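To make the two readings of authorized_only discussed in this thread concrete, the following stand-alone model (added here as an illustration, not Kustvakt code) contrasts the behaviour the issue describes with the proposed one: a default listing that unions the caller's own clients with the clients the caller has authorized, an ownership marker per entry, and registered_by disclosed only for clients the caller owns, so other users' names never appear in the response. The Client record, the AUTHORIZED relation, the sample data and the field names other than authorized_only and registered_by are assumptions for the example.

```python
"""Model of the OAuth2 client-listing semantics from Kustvakt issue #579.

Hypothetical stand-alone example, not Kustvakt code. Everything except the
names `authorized_only` and `registered_by` is an assumption made here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    client_id: str
    name: str
    registered_by: str  # the user who registered (owns) the client


# Constructed sample data: three clients owned by two users, plus the
# relation "user has authorized client" (who granted which client access).
CLIENTS = [
    Client("c1", "Corpus Browser", "alice"),
    Client("c2", "Annotation Tool", "bob"),
    Client("c3", "Export Helper", "alice"),
]
AUTHORIZED = {  # user -> client_ids that user has authorized
    "alice": {"c2"},
    "bob": {"c1", "c2"},
}


def list_clients_current(user, authorized_only=False):
    """Behaviour as described in the issue: the flag does not narrow one
    list, it switches between two unrelated sets (owned vs. authorized)."""
    if authorized_only:
        return [c for c in CLIENTS if c.client_id in AUTHORIZED.get(user, set())]
    return [c for c in CLIENTS if c.registered_by == user]


def list_clients_proposed(user, authorized_only=False):
    """Proposed reading: by default list every client the user owns or has
    authorized and mark which is which; authorized_only=True narrows that
    list to the authorized ones. registered_by is only returned for clients
    the caller owns, so no other user's name is disclosed."""
    authorized = AUTHORIZED.get(user, set())
    result = []
    for c in CLIENTS:
        owned = c.registered_by == user
        auth = c.client_id in authorized
        if not (owned or auth):
            continue  # not visible to this user at all
        if authorized_only and not auth:
            continue  # flag narrows the visible list, it does not swap it
        entry = {
            "client_id": c.client_id,
            "name": c.name,
            "owned": owned,
            "authorized": auth,
        }
        if owned:
            entry["registered_by"] = c.registered_by  # data minimisation
        result.append(entry)
    return result


def leaks_foreign_owner(entries, user):
    """True if any entry reveals a registered_by value other than the caller."""
    return any(e.get("registered_by", user) != user for e in entries)


if __name__ == "__main__":
    # Current: alice's two calls return disjoint sets, which is the ambiguity.
    print([c.client_id for c in list_clients_current("alice")])        # ['c1', 'c3']
    print([c.client_id for c in list_clients_current("alice", True)])  # ['c2']
    # Proposed: one list, ownership marked, foreign registered_by withheld.
    for e in list_clients_proposed("alice"):
        print(e)
```

Run with no arguments: the "current" calls for alice show that authorized_only=true does not filter her registered clients but returns a different set (c2, which she does not own), while the proposed listing returns c1, c2 and c3 in one response with owned/authorized flags and omits registered_by for c2.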
