Skip to content

[App2App] Scopes should be validated according to client type #4357

New issue
New issue
Open
Open
[App2App] Scopes should be validated according to client type#4357
Labels
bug/minor> 20% users will be affected by the issue, fix optionallycooldown/enhancementminor enhancement that users can see
@tung2744

Description

@tung2744
tung2744
opened on Jun 18, 2024

Assume AppA is authenticated, and AppB is not authenticated.

Currently, when appB tries to authenticated with app2app by AppA, the scopes of AppA's session will be inherited to appB's session. Therefore, say if AppA supports a scope that AppB doesn't support, that new AppB's session will get an incorrect scope.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug/minor> 20% users will be affected by the issue, fix optionallycooldown/enhancementminor enhancement that users can see

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions