Support OAuth2 authentication for LiveDocument PDF view

This includes the following items:

• Secure an API view with OAuth2
• Provide scopes for all live documents
• Check OAuth2 scopes in API view

added part::backend type::feature labels

assigned to @hansegucker

marked the checklist item Secure an API view with OAuth2 as completed

marked the checklist item Provide scopes for all live documents as completed

created merge request !21 (merged) to address this issue

mentioned in merge request !21 (merged)

I have prepared an MR that allows limiting scopes per app: AlekSIS-Core!759 (merged)

That means you can now simply rely on scopes being properly filtered already when they hit your permission check.

Please test this, after the changes land in core:

• Verify that using an app that is notlimited can access the resource
• Verify that using an app that is limited, and has the desired scope, can access the resource
• Verify that using an app that is limited, but not for the desired resource, can not access the resouce

closed with merge request !21 (merged)

mentioned in commit 243fe081