Assigning permissions (scopes) to different API endpoints for different types of users

john.gateley · November 17, 2020, 2:35pm

This seems fine to me. To be clear:

User A is not an admin and has the update:users scope. They are allowed to update users, but because they don’t have the admin claim they can only update their user.

User B is an admin, they have the update:users scope. They are allowed to update any user.

John

Topic		Replies	Views
How to represent multiple access level in an application calling an API? Get Help access-token , authorization , spring-boot	2	6152	March 2, 2018
I have 2 kinds of users (admins, everyone else) - where should I put this information? Get Help	5	4648	August 26, 2019
How to assign custom scopes to users? Get Help users , scopes , api-authorization	6	14801	December 7, 2020
APIs and Access Tokens with User Identity...And scopes Get Help api , id_token , scopes , access-token	4	5303	March 2, 2018
Auth0 Users, Roles, Scopes and APIs - Explanation? Get Help api , users , scopes , roles	2	3954	December 24, 2018

Assigning permissions (scopes) to different API endpoints for different types of users

Related topics