-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth2 client list service is maybe ambiguous #579
Comments
|
|
We agreed to keep the existing behavior of the web-service, and deprecate the parameter Another more appropriate parameter |
The parameter
authorized_only
in the OAuth2 Client list service is possibly ambiguous.Only OAuth2 clients registered by a user is listed when
authorized_only=false
(default).When
authorized_only=true
, Kustvakt does not really filter the user-registered clients, but lists all authorized clients, including those not registered by the user himself.Kustvakt should probably include all authorized clients when
authorized_only=false
. We need to show which clients owned/have been registered by the users.Maybe
registered_by
should be removed from the response for data security because it would show usernames of other users.The text was updated successfully, but these errors were encountered: