github.com/cs3org/reva/v2@v2.27.7/changelog/1.8.0_2021-06-09/scope-based-tokens.md

Enhancement: Mint scope-based access tokens for RBAC

Primarily, this PR is meant to introduce the concept of scopes into our tokens.
At the moment, it addresses those cases where we impersonate other users without
allowing the full scope of what the actual user has access to.

A short explanation for how it works for public shares:
- We get the public share using the token provided by the client.
- In the public share, we know the resource ID, so we can add this to the
  allowed scope, but not the path.
- However, later OCDav tries to access by path as well. Now this is not allowed
  at the moment. However, from the allowed scope, we have the resource ID and
  we're allowed to stat that. We stat the resource ID, get the path and if the
  path matches the one passed by OCDav, we allow the request to go through.

https://github.com/cs3org/reva/pull/1669
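The public-share check described above, sketched in Go as an added example; this is not reva's own code. The types, `CheckScope`, `demoStat` and the sample IDs and paths are hypothetical, and cleaning both paths before comparing them is an assumption of the example.

```go
package main

import (
	"errors"
	"fmt"
	"path"
)

// Hypothetical stand-ins for this example; these are not reva's types.
type (
	ResourceID struct{ StorageID, OpaqueID string }
	Ref        struct{ ID *ResourceID; Path string } // request by ID or by path
	StatFunc   func(ResourceID) (string, error)      // resolves an ID to its path
)

var ErrOutOfScope = errors.New("reference is outside the token scope")

// CheckScope returns nil only if ref points at the single scoped resource.
func CheckScope(scope ResourceID, ref Ref, stat StatFunc) error {
	if ref.ID != nil { // ID request: compare directly; ID plus path is rejected
		if ref.Path == "" && *ref.ID == scope {
			return nil
		}
		return ErrOutOfScope
	}
	// Path request: the scope holds no path, so stat the scoped ID to get one.
	scopedPath, err := stat(scope)
	if err != nil {
		return fmt.Errorf("stat scoped resource: %w", err) // fail closed
	}
	// Assumption: compare cleaned paths so "a/../b" cannot pass as a match.
	if ref.Path == "" || path.Clean("/"+ref.Path) != path.Clean("/"+scopedPath) {
		return ErrOutOfScope
	}
	return nil
}

// demoStat is a constructed in-memory backend that knows one resource.
func demoStat(id ResourceID) (string, error) {
	if id == (ResourceID{"storage-1", "file-42"}) {
		return "/home/einstein/shared/report.pdf", nil
	}
	return "", errors.New("not found")
}

func main() {
	scope := ResourceID{"storage-1", "file-42"}
	fmt.Println(CheckScope(scope, Ref{Path: "/home/einstein/shared/report.pdf"}, demoStat))
	fmt.Println(CheckScope(scope, Ref{Path: "/home/einstein/shared/../private.txt"}, demoStat))
}
```

A stat failure is returned as an error rather than treated as a match, so a scoped resource that can no longer be resolved denies path-based requests.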