Keep track of which apps requested which scopes for users #437

Merged
merged 11 commits into from Oct 10, 2022

Conversation

evert
Member

@evert evert commented Oct 3, 2022

This enables us in the future to create the concept of third-party apps. These apps will explicitly have to request the user if they are willing to give permission to certain scopes.

Right now all scopes are auto-granted, because all apps are considered 'first party' and trusted.

This is also a step towards OpenID Connect support.

Fixes #435

This enables us in the future to create the concept of third-party
apps. These apps will explicitly have to request the user if they are
willing to give permission to certain scopes.

Right now all scopes are auto-granted, because all apps are considered
'first party' and trusted.
@evert evert added the enhancement New feature or request label Oct 3, 2022
@evert evert requested review from pschwyter and mhum October 3, 2022 01:58
@evert evert self-assigned this Oct 3, 2022
Contributor

@pschwyter pschwyter left a comment


Just to make sure I understand: With this change apps will be able to explicitly request a list of scopes (as opposed to defaulting to all scopes), but this doesn't actually require permission from the user yet?

Co-authored-by: Philippe Schwyter <phil@badgateway.net>
Member Author

evert commented Oct 4, 2022

> Just to make sure I understand: With this change apps will be able to explicitly request a list of scopes (as opposed to defaulting to all scopes), but this doesn't actually require permission from the user yet?

Yeah, this is correct. We currently only have 'privileged' applications. Auto-granting these scopes makes sense for first-party applications. But for third-party applications users would have to explicitly consent to these scopes.

This entire PR is really to set up the plumbing to make that possible in the future. Tracking scopes for privileged applications is not super useful by itself.

@evert evert enabled auto-merge October 10, 2022 03:24
@evert evert merged commit dd7430f into main Oct 10, 2022
@evert evert deleted the user-app-permissions2 branch October 10, 2022 03:24
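
The behaviour discussed in this thread (every scope request is recorded per user and app, first-party apps are auto-granted, third-party apps would need explicit user consent), sketched as an added example that is not code from this PR or from the project. `ScopeLedger`, `ScopeRequest`, `Decision` and the `trust` values are hypothetical names chosen for the illustration.

```typescript
// Added illustration: hypothetical names, not a12n-server's own code.
interface ScopeRequest {
  userId: string;
  appId: string;
  trust: 'first-party' | 'third-party';
  scopes: string[];
}
interface Decision {
  granted: string[];      // scopes that may be issued now
  needsConsent: string[]; // scopes the user must approve first
}

// Deduplicated, sorted union of two scope lists; empty strings are dropped.
function union(a: string[], b: string[]): string[] {
  const out: string[] = [];
  a.concat(b).forEach((s) => {
    if (s !== '' && out.indexOf(s) === -1) out.push(s);
  });
  return out.sort();
}

class ScopeLedger {
  private requested: Record<string, string[]> = {};
  private consented: Record<string, string[]> = {};
  private key(userId: string, appId: string): string {
    return JSON.stringify([userId, appId]); // unambiguous composite key
  }
  recordConsent(userId: string, appId: string, scopes: string[]): void {
    const k = this.key(userId, appId);
    this.consented[k] = union(this.consented[k] || [], scopes);
  }
  requestedScopes(userId: string, appId: string): string[] {
    return (this.requested[this.key(userId, appId)] || []).slice();
  }
  evaluate(req: ScopeRequest): Decision {
    const k = this.key(req.userId, req.appId);
    const wanted = union(req.scopes, []);
    // Always record the request, even when it is auto-granted.
    this.requested[k] = union(this.requested[k] || [], wanted);
    if (req.trust === 'first-party') {
      return { granted: wanted, needsConsent: [] };
    }
    const ok = this.consented[k] || [];
    return {
      granted: wanted.filter((s) => ok.indexOf(s) !== -1),
      needsConsent: wanted.filter((s) => ok.indexOf(s) === -1),
    };
  }
}
```

Calling `evaluate` for a third-party app before any `recordConsent` call returns every requested scope under `needsConsent`, while the request itself is still logged and visible through `requestedScopes`.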
Successfully merging this pull request may close these issues.

Track which applications used which scopes for a user.