You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use OAuth2 scopes to restrict the privileges granted to OAuth2 consumers (as at the moment they get access to everything). One way to do it would be to link a scope to a virtual user or group, which is given permissions. The permissions are then the intersection of those of the virtual and real users'. Scopes in this world would be created ad hoc on request (which isn't too much of a bother as applications can only be created through the admin interface at the moment).
This would allow us to create meaningful names for scopes ("access to data that is restricted to members of the University", "the ability to delete users", etc).
The text was updated successfully, but these errors were encountered:
Use OAuth2 scopes to restrict the privileges granted to OAuth2 consumers (as at the moment they get access to everything). One way to do it would be to link a scope to a virtual user or group, which is given permissions. The permissions are then the intersection of those of the virtual and real users'. Scopes in this world would be created ad hoc on request (which isn't too much of a bother as applications can only be created through the admin interface at the moment).
This would allow us to create meaningful names for scopes ("access to data that is restricted to members of the University", "the ability to delete users", etc).
The text was updated successfully, but these errors were encountered: