Clarify user account requirement for JWT token #6

New issue

Open

opened 2022-11-23 21:23:34 +00:00 by rawtaz · 3 comments

rawtaz commented 2022-11-23 21:23:34 +00:00 (Migrated from lab.libreho.st)

Copy link

During my testing of PR !2 I've discovered that the username that is mentioned in the JWT token's payload must also exist as a user in Nextcloud. However, it must not be part of the admin group, it can be a regular unprivileged user. Given the latter, why do we even need an actual user account in the first place? Couldn't we just use a token that is "userless", and once verified allows access to editing users and groups using SCIM?

During my testing of PR !2 I've discovered that the username that is mentioned in the JWT token's payload must also exist as a user in Nextcloud. However, it must not be part of the admin group, it can be a regular unprivileged user. Given the latter, why do we even need an actual user account in the first place? Couldn't we just use a token that is "userless", and once verified allows access to editing users and groups using SCIM?

rawtaz commented 2022-11-23 21:24:09 +00:00 (Migrated from lab.libreho.st)

Copy link

changed the description

changed the description

rawtaz commented 2022-11-23 21:24:16 +00:00 (Migrated from lab.libreho.st)

Copy link

changed the description

changed the description

rawtaz commented 2023-03-04 20:41:42 +00:00 (Migrated from lab.libreho.st)

Copy link

changed the description

changed the description

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/ci

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: libre.sh/scimserviceprovider#6

No description provided.