Limit Clients to request access to scopes #685

Closed
leroy0211 opened this issue Apr 6, 2018 · 2 comments

@leroy0211

leroy0211 commented Apr 6, 2018

Any Client can request access to every scope it wants.

It would be nice to limit a Client to specific scopes, so it can only request access to its own pre-defined scopes.

Use Case:
We have multiple APIs to read (GET) and write (PUT, POST, DELETE) data. But we don't want every Client to be able to write, only to read.

I know you can limit that with different scopes like model:read and model:write, but every Client has the authority to request access to both scopes.

@driesvints
Member

Heya, this is currently being discussed in #691.

@martindilling

> Heya, this is currently being discussed in #691.

Did I miss something?
Wasn't that discussion about password_client and personal_access_client token automatically having access to routes protected with the client middleware?

Right now I have the same issue as described here. Trying to scope access per client, I have multiple apps that need to access this api, but only very few need the destructive rights.
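
The per-client restriction requested in this thread, sketched as an added example in plain PHP; it is not Passport code and uses no Passport API. The allow-list map, the client ids and the `authorizeScopes` function are hypothetical, the `model:read` and `model:write` scopes are the ones named above, and `invalid_scope` is the error code RFC 6749 defines for this case.

```php
<?php
declare(strict_types=1);

// Hypothetical per-client allow-list; the client ids are constructed sample values.
const CLIENT_ALLOWED_SCOPES = [
    'reporting-app' => ['model:read'],
    'admin-console' => ['model:read', 'model:write'],
];

/**
 * Returns the scopes to grant, or throws if the client asked for anything
 * outside its allow-list. Unknown clients have an empty allow-list, so any
 * scope they request is denied by default.
 */
function authorizeScopes(string $clientId, string $scopeParam): array
{
    // RFC 6749 section 3.3: scope is a space-delimited list of case-sensitive strings.
    $requested = array_values(array_unique(
        preg_split('/ +/', trim($scopeParam), -1, PREG_SPLIT_NO_EMPTY)
    ));
    $allowed = CLIENT_ALLOWED_SCOPES[$clientId] ?? [];
    $denied  = array_values(array_diff($requested, $allowed));

    if ($denied !== []) {
        // Reject the whole request instead of silently narrowing it, so an
        // over-reaching or misconfigured client shows up in the logs.
        throw new InvalidArgumentException('invalid_scope: ' . implode(' ', $denied));
    }
    return $requested;
}

// Constructed sample requests: [client id, raw scope parameter].
$samples = [
    ['reporting-app', 'model:read'],
    ['reporting-app', 'model:read model:write'],
    ['admin-console', 'model:read model:write'],
    ['unknown-app', 'model:read'],
];
foreach ($samples as [$client, $scope]) {
    try {
        echo $client . ' granted: ' . implode(' ', authorizeScopes($client, $scope)) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $client . ' rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

The check belongs at token issuance, before any token is minted; route-level scope checks then only have to trust the scopes carried by the token.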
