Updated by Jan Sandbrink 22 days ago

**As** an administrator
**I want to** validate the scope of JWTs
**so that** they can only be used in the context that they were intended to be used for.

**Acceptance criteria**

* For incoming JWTs, we validate the scope similar to how we do it for access tokens issued by Doorkeeper

* This means incoming JWTs need to carry a scope to be able to access our APIs (e.g. `api_v3` for requests to APIv3)

* TBD: Potentially make a temporary exception for when validating
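
A sketch of the scope requirement in the acceptance criteria above, as an added example that is not OpenProject's code. It assumes the JWT's signature, issuer, audience and expiry were already verified and only the decoded claims are passed in; `REQUIRED_SCOPES`, `granted_scopes` and `authorize_jwt` are hypothetical names.

```ruby
# Added example: scope check on the claims of a JWT that has already been verified.
# REQUIRED_SCOPES and both method names are hypothetical, not OpenProject code.
REQUIRED_SCOPES = { "/api/v3" => "api_v3" }.freeze

# Normalise the "scope" claim into a list of scope tokens.
# RFC 8693 defines it as a space-delimited string; accepting a JSON array
# as well is an assumption made here for issuers that emit that form.
def granted_scopes(claims)
  case (raw = claims["scope"])
  when String then raw.split(" ")
  when Array  then raw.grep(String)
  else []
  end
end

# Returns [:allow, scope] or [:deny, reason]. Fails closed: an unknown path,
# a missing claim, or a claim of the wrong type all deny.
def authorize_jwt(claims, request_path)
  _prefix, required = REQUIRED_SCOPES.find do |prefix, _scope|
    request_path == prefix || request_path.start_with?("#{prefix}/")
  end
  return [:deny, "no scope rule for path"] unless required

  scopes = granted_scopes(claims)
  return [:deny, "token carries no scope"] if scopes.empty?
  return [:deny, "missing scope #{required}"] unless scopes.include?(required)

  [:allow, required]
end

# Constructed sample claims (not real tokens).
if __FILE__ == $PROGRAM_NAME
  [
    { "sub" => "alice", "scope" => "openid api_v3" },
    { "sub" => "bob",   "scope" => "openid profile" },
    { "sub" => "carol" },
  ].each { |c| p authorize_jwt(c, "/api/v3/work_packages") }
end
```

The comparison is on whole scope tokens, so a claim such as `api_v3x` does not satisfy the `api_v3` requirement.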
