notes/cisco_org_level_entities.org
parent e23243b755
commit 7a5284dc36
1 changed files with 4 additions and 4 deletions
|
@ -27,7 +27,7 @@ Looking at the code, it means that we should just change the
|
|||
~iroh-auth.oauth2-client-service.core/accessible-for?~ function.
|
||||
|
||||
We should probably add a new optional field to ease both the creation and
|
||||
the search of org-level clients.
|
||||
the search for org-level clients.
|
||||
|
||||
I propose to add an optional ~org-level?~ field.
|
||||
If true during the creation then we should set the ~owner-id~ to be equal to
|
||||
|
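Review bot: in the corrected line "the search for org-level clients", the preposition "for" now also attaches to "the creation" on the line above, so the sentence reads "the creation ... for org-level clients". Consider "to ease both creating and searching for org-level clients" so that each half of the sentence has the right preposition.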
@ -39,17 +39,17 @@ While not mandatory, handling an ownership change should mean we would like
|
|||
to provide a way to change the client's secret.
|
||||
So we should provide a *Client Secret Reset* mechanism.
|
||||
Probably a single POST endpoint that would generate a new password.
|
||||
And as we would not want to break the clients during password change, the
|
||||
And as we would not want to break the clients during a password change, the
|
||||
client should probably support two passwords temporarily.
|
||||
So having a configurable by the user grace period during which the old
|
||||
password will still be accepted.
|
||||
|
||||
So it means adding a the following optional fields to the client object:
|
||||
So it means adding the following optional fields to the client object:
|
||||
|
||||
- ~old-password~: the old password on password change
|
||||
- ~old-password-valid-until~: the date after which the old password will be rejected.
|
||||
|
||||
The time during which two password could be accepted is probably value that
|
||||
The time during which two passwords could be accepted is probably value that
|
||||
could in the worst case scenario last for a few weeks.
|
||||
|
||||
* Tasks
|
||||
|
|
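Review bot: the grace period described around "the client should probably support two passwords temporarily" is introduced for the ownership-change case, yet the last paragraph lets the overlap "in the worst case scenario last for a few weeks", which keeps the pre-change password accepted for that long after ownership has moved. Suggest the note state a maximum for ~old-password-valid-until~ and a way to end the overlap early, for example by clearing ~old-password~ on request. The corrected line also still reads "is probably value that" and needs "a value".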