Add required scope validation #387

Closed
blumTom opened this issue Jan 8, 2021 · 2 comments

blumTom commented Jan 8, 2021

Problem
When using OAuth 2.0, the user can choose a subset of the scopes which are required by the application. In case the user does not choose all scopes, only a subset of the functionality can be used. This leads to a situation in which the resource server has to decide whether to accept or reject a request based on the request id and the set of included scopes.

Possible Solution
Inspired by ACLs: Define policies which map requests to users (optional) and required scopes. Validate whether a request is allowed by comparing the given scopes with the scopes which are required for the given request id and user (optional).
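
The check proposed above, sketched as an added Go example; it is not part of the issue and not ORY Keto's code or API. The names `Policy`, `Allowed` and `samplePolicies`, the rule that a user-specific policy overrides a generic one, and the default deny for unknown request IDs are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy (hypothetical type) maps a request ID, and optionally a user, to required scopes.
type Policy struct {
	RequestID string
	User      string // empty: applies to any user
	Required  []string
}

// samplePolicies is constructed data for illustration only.
var samplePolicies = []Policy{
	{RequestID: "orders.read", Required: []string{"orders:read"}},
	{RequestID: "orders.delete", Required: []string{"orders:read", "orders:write"}},
	{RequestID: "orders.delete", User: "alice", Required: []string{"orders:admin"}},
}

// Allowed reports whether the space-delimited granted scopes cover every scope
// required for requestID and user, and returns the scopes that are missing.
func Allowed(policies []Policy, requestID, user, granted string) (bool, []string) {
	var match *Policy
	for i, p := range policies {
		applies := p.RequestID == requestID && (p.User == "" || p.User == user)
		// Assumption: a user-specific policy takes precedence over a generic one.
		if applies && (match == nil || (match.User == "" && p.User != "")) {
			match = &policies[i]
		}
	}
	if match == nil {
		return false, nil // assumption: no policy for this request ID means deny
	}
	have := map[string]bool{}
	for _, s := range strings.Fields(granted) {
		have[s] = true
	}
	var missing []string
	for _, s := range match.Required {
		if !have[s] {
			missing = append(missing, s)
		}
	}
	return len(missing) == 0, missing
}

func main() { fmt.Println(Allowed(samplePolicies, "orders.delete", "bob", "openid orders:read")) }
```

Returning the missing scopes lets the resource server tell the client which consent is lacking instead of only rejecting the request.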

aeneasr commented Jan 15, 2021

Thank you @blumTom! Unfortunately, we don't plan to add new features to the current state of ORY Keto, given that we are working hard on #267.

@zepatrik

Closing because this is addressing legacy Keto.
