notes/customer_manager.org

Yann Esposito (Yogsototh) 2021-10-15 15:47:04 +02:00
parent e8d5de3e10
commit 28c69d2073
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646

@ -39,16 +39,7 @@ that will continue to use an older access token from the wrong org/tenant.
Idea, give other teams a trusted client.
With this client and a user-id the team could get tokens for this user-id.
The API will provide a new custom route.
So teams could be given a unique OAuth2 client that will be /trusted/ by
IROH administrators.
With this client and a user id, the team will get back a couple
access/refresh token for their client (limited to their scopes).
This makes it possible, once a user is authenticated inside IROH-Auth to
hand tokens to other teams.
One mechanism to handle this situation is the webhook, but we could also use OpenID Connect, etc..
This is a probably safer mechanism than webhooks that do not involve any =client-secret=.
*** org-level credentials
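
Review bot: The trusted-client paragraph ("With this client and a user id, the team will get back a couple access/refresh token") never states what the new custom route checks before issuing tokens for a given user id. As written, holding the trusted client is enough to obtain tokens for any user id, with "limited to their scopes" as the only constraint. Please spell out how the client authenticates to the route, whether the user must currently be authenticated inside IROH-Auth for the call to succeed, and which org/tenant the issued tokens are bound to, since the surrounding context is about clients that keep using an older access token from the wrong org/tenant. The closing sentence is also ambiguous: "that do not involve any =client-secret=" can attach to either "mechanism" or "webhooks", so say explicitly which of the two runs without a client secret and why that makes the other one safer. Minor: "a couple access/refresh token" reads better as "a pair of access/refresh tokens".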