Clarify user account requirement for JWT token #6

Open
opened 2022-11-23 21:23:34 +00:00 by rawtaz · 3 comments
rawtaz commented 2022-11-23 21:23:34 +00:00 (Migrated from lab.libreho.st)

During my testing of PR !2 I've discovered that the username that is mentioned in the JWT token's payload must also exist as a user in Nextcloud. However, it must not be part of the admin group; it can be a regular unprivileged user. Given the latter, why do we even need an actual user account in the first place? Couldn't we just use a token that is "userless", and once verified allows access to editing users and groups using SCIM?
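The two authorization models the comment contrasts, a JWT whose `sub` must name an existing Nextcloud account versus a "userless" token that carries its own grant, as an added example that is not part of this issue or of the scimserviceprovider project. The hand-rolled HS256 verifier, the shared secret, the in-memory user table, and the claim names `sub`, `aud`, `scope` and `iss` are all assumptions made for the illustration, not the project's actual key handling or claim layout.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 JWT (assumed shared-secret setup, not the project's key handling)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
    ]
    sig = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the payload only after algorithm, signature and expiry have been checked."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm: a token claiming alg=none or any other alg is rejected outright.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(body_b64))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


# Constructed stand-in for Nextcloud's user backend (assumption, not real data).
USERS = {
    "alice": {"groups": ["users"]},
    "root": {"groups": ["admin"]},
}


def authorize_scim(token: str, secret: bytes, require_user: bool, now=None):
    """Decide whether a token may call the SCIM endpoints.

    require_user=True  : `sub` must name an existing account (the behaviour the comment
                         observed; group membership is not consulted).
    require_user=False : the "userless" model from the comment; with no account to anchor
                         the grant, the token itself must be bound to this audience and scope.
    Returns (allowed, principal_or_reason).
    """
    payload = verify_hs256(token, secret, now)
    if require_user:
        user = payload.get("sub")
        if user not in USERS:
            return False, "unknown user"
        return True, f"user:{user}"
    if payload.get("aud") != "scim":
        return False, "wrong audience"
    if "scim:write" not in payload.get("scope", "").split():
        return False, "missing scim:write scope"
    return True, "service:" + str(payload.get("iss", "unknown"))
```

Whichever model is chosen, the verifier reads no claim before the algorithm is pinned and the signature checked, which is what makes the userless variant safe to consider at all: once there is no account to scope the grant to, `aud` and `scope` take over that role, and a token lacking them should be refused even if it is validly signed by the same issuer.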
rawtaz commented 2022-11-23 21:24:09 +00:00 (Migrated from lab.libreho.st)

changed the description
rawtaz commented 2022-11-23 21:24:16 +00:00 (Migrated from lab.libreho.st)

changed the description
rawtaz commented 2023-03-04 20:41:42 +00:00 (Migrated from lab.libreho.st)

changed the description
Reference: libre.sh/scimserviceprovider#6