mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

chore: add changeset for org api resource (#5719)

chore: add change set for org api resource
wangsijie 2024-05-13 10:18:10 +08:00 committed by GitHub
parent 5872172cbb
commit 1ef32d6d54
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -0,0 +1,13 @@
---
"@logto/core": minor
---
update token grant to support organization API resources
Organization roles can be assigned with scopes (permissions) from the API resources, and the token grant now supports this.
Once the user is consent to an application with "resources" assigned, the token grant will now include the scopes inherited from all assigned organization roles.
Users can narrow down the scopes by passing `organization_id` when granting an access token, and the token will only include the scopes from the organization roles of the specified organization, the access token will contain an extra claim `organization_id` to indicate the organization the token is granted for. Then the resource server can use this claim to protect the resource with additional organization-level authorization.
This change is backward compatible, and the existing token grant will continue to work as before.
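
Review bot: The closing claim that the change is "backward compatible" needs qualifying, because the paragraph starting "Once the user is consent to" says a grant will now include the scopes inherited from all assigned organization roles. That widens the scope set of tokens issued through existing grant flows, and the changeset should say so explicitly. As described, the `organization_id` claim is added when the parameter is passed, so the text should also state that a resource server doing organization-level authorization must require and check that claim rather than rely on scopes alone. It should also say what the grant does when `organization_id` names an organization in which the user holds no role. Wording: "Once the user is consent to" should read "Once the user has consented to", and the sentence beginning "Users can narrow down the scopes" is a comma splice that is better split before "the access token will contain".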