AlekSIS-Core, issue #688
Issue created Apr 19, 2022 by Jonathan Weth (@hansegucker, Owner)

ClientProtectedResourceMixin allows access if no allowed_scopes are set

Using client credentials as an authentication method for API views, we introduced a field for OAuth2 applications that needs to be filled with the scopes these client credentials should have access to. If there are no allowed scopes, the access shouldn't be granted as nothing is allowed. With the current code base, access is also allowed if there are no allowed scopes.

Edited Apr 23, 2022 by Jonathan Weth
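The fail-open behaviour this issue describes, next to a fail-closed check, as an added example that is not AlekSIS code. `Application`, `check_fail_open`, `check_fail_closed`, `audit` and the scope names are hypothetical, and the buggy pattern shown is an assumed one, not taken from the project.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional


@dataclass
class Application:
    """Constructed stand-in for an OAuth2 application record (hypothetical)."""
    name: str
    allowed_scopes: Optional[List[str]] = field(default_factory=list)


def check_fail_open(app: Application, required: Iterable[str]) -> bool:
    """Assumed buggy pattern: the scope test only runs when the field is non-empty,
    so an application with no allowed scopes is never rejected."""
    allowed = set(app.allowed_scopes or [])
    if allowed and not set(required) <= allowed:
        return False
    return True


def check_fail_closed(app: Application, required: Iterable[str]) -> bool:
    """Hardened form: an empty or unset allowed_scopes grants nothing."""
    allowed = set(app.allowed_scopes or [])
    if not allowed:
        return False
    return set(required) <= allowed


def audit(apps: Iterable[Application], required: Iterable[str]) -> List[str]:
    """Names of applications that the two checks treat differently."""
    required = list(required)
    return [a.name for a in apps
            if check_fail_open(a, required) != check_fail_closed(a, required)]


# Constructed sample data; scope names are placeholders.
APPS = [
    Application("no-scopes", []),
    Application("null-scopes", None),
    Application("reader", ["example_read"]),
    Application("writer", ["example_write"]),
]

if __name__ == "__main__":
    for app in APPS:
        print(app.name, check_fail_open(app, ["example_read"]),
              check_fail_closed(app, ["example_read"]))
    print("differ:", audit(APPS, ["example_read"]))
```

A regression test for a fix of this kind should cover both the empty list and the unset (`None`) case, since either can represent "no allowed scopes" in storage.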