Restrict access to some endpoints of GlueBackendAPI for certain users using OAuth
We use GlueBackendAPI to give 3rd-party services access to our data. They all authenticate using OAuth. OAuth has so-called scopes to restrict access to certain endpoints. This is also stated in the documentation, but there are no examples of how to do that. There is a manual on how to create a scope, but nothing about how to relate a scope to an ACL or to a client/user directly.
All a user can do is enter a scope when requesting a token. But the user can then request a token for any scope, or even without any scope, and have access to all endpoints. Is there any way to set up this restriction?
Answers
-
Just to clarify that we both read the same documentation -
- here we explain how to use scopes. If our implementation doesn't match your needs, you may always implement your own, following this guide:
-
I read the following documentation -
But any user that can generate a token with his/her credentials and knows the name of a scope can generate a token for that scope and access it. How can I limit a user to a certain scope so that they cannot access any other endpoint?
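The gap described in this thread (a client can name any scope, or none, and still reach every endpoint) is closed by two server-side checks: one when the token is issued and one when a route is called. The following is an added, generic PHP example, not Spryker code or its API; the client ids, scope names, routes and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: client ids, scope names and routes are hypothetical.
const CLIENT_ALLOWED_SCOPES = [
    'partner-a' => ['orders:read'],
    'partner-b' => ['orders:read', 'stock:write'],
];
const ROUTE_REQUIRED_SCOPE = [
    'GET /orders'  => 'orders:read',
    'PATCH /stock' => 'stock:write',
];

/**
 * Token endpoint: decide which scopes go into the token.
 * Throws if the client asks for a scope it was never assigned.
 */
function grantScopes(string $clientId, string $requestedScope): array
{
    $allowed = CLIENT_ALLOWED_SCOPES[$clientId] ?? [];
    $requested = preg_split('/\s+/', trim($requestedScope), -1, PREG_SPLIT_NO_EMPTY);

    // An empty request falls back to the client's own scopes, never to "everything".
    if ($requested === []) {
        return $allowed;
    }
    $denied = array_diff($requested, $allowed);
    if ($denied !== []) {
        // invalid_scope is the error code RFC 6749 defines for this case.
        throw new DomainException('invalid_scope: ' . implode(' ', $denied));
    }
    return array_values(array_unique($requested));
}

/** Resource side: an unmapped route, or a token lacking the scope, is refused. */
function isAuthorized(array $tokenScopes, string $route): bool
{
    $required = ROUTE_REQUIRED_SCOPE[$route] ?? null;
    return $required !== null && in_array($required, $tokenScopes, true);
}

$token = grantScopes('partner-a', '');           // no scope requested
var_dump(isAuthorized($token, 'GET /orders'));   // route inside partner-a's scopes
var_dump(isAuthorized($token, 'PATCH /stock'));  // route outside partner-a's scopes
try {
    grantScopes('partner-a', 'stock:write');     // scope not assigned to this client
} catch (DomainException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```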