Top Menu

Jump to content
    Global modules

    Global modules

    • Home
    • Projects
    • Activity
    • Work packages
    • Gantt charts
    • Calendars
    • Team planners
    • Boards
    • News
    Home
    Home
Help
    Getting started
    • Introduction video
  • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
  • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation

User menu

Sign in
Forgot your password?

or sign in with your existing account

OpenProject ID Google

Side Menu

Collapse project menu
  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Boards
    Boards
  • Wiki
    Wiki

Content

Expand project menu

Updated by Jan Sandbrink 5 months ago

**As** an administrator
**I want to** validate the scope of JWTs
**so that** they can only be used in the context that they were intended to be used for.

**Acceptance criteria**

* For incoming JWTs, we validate the scope similar to how we do it for access tokens issued by Doorkeeper

* This means incoming JWTs need to carry a scope to be able to access our APIs (e.g. `api_v3` for requests to APIv3)


**QA Notes**

As this is an API change, it's only "Postman testable" (Postman is not a requirement, but making an API request is ;-)).

Back

Loading...