Clarify user account requirement for JWT token #6
During my testing of PR !2, I've discovered that the username that is mentioned in the JWT token's payload must also exist as a user in Nextcloud. However, it must not be part of the admin group; it can be a regular unprivileged user. Given the latter, why do we even need an actual user account in the first place? Couldn't we just use a token that is "userless", and once verified allows access to editing users and groups using SCIM?