mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset/thirty-cameras-explain.md
wangsijie 1ef32d6d54
chore: add changeset for org api resource (#5719)
chore: add change set for org api resource
2024-05-13 10:18:10 +08:00


---
"@logto/core": minor
---

update token grant to support organization API resources

Organization roles can be assigned with scopes (permissions) from the API resources, and the token grant now supports this.

Once the user has consented to an application with "resources" assigned, the token grant will include the scopes inherited from all assigned organization roles.

Users can narrow down the scopes by passing `organization_id` when granting an access token. The token will then include only the scopes from the organization roles of the specified organization, and it will contain an extra claim `organization_id` to indicate the organization the token is granted for. The resource server can use this claim to protect the resource with additional organization-level authorization.
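The following is an added example of the resource-server side of the flow described above; it is not Logto's own code. It assumes the access token is a JWT whose signature, issuer and expiry have already been verified by a JWT library, that the API resource indicator is carried in the standard `aud` claim and the granted scopes in a space-separated `scope` claim (assumptions, not stated in this changeset), and that the organization a request targets comes from the request itself (here a hypothetical path parameter). The design choice it shows: for an organization-specific endpoint, require a token that was narrowed with `organization_id`, because a token without that claim carries the union of scopes from all of the user's organization roles and does not say which organization the caller is acting in.

```typescript
// Added example (not Logto's code): organization-level authorization on a resource server.
// Operates on already-verified claims; signature/issuer/expiry checks are assumed to happen before this.

type AccessTokenClaims = {
  sub: string;
  aud: string; // API resource indicator (assumed to be the standard `aud` claim)
  scope: string; // space-separated scopes (assumed standard `scope` claim)
  organization_id?: string; // present only when the token was narrowed to one organization
};

type AuthzDecision = { allowed: true } | { allowed: false; reason: string };

/**
 * Decide whether a verified token may perform `requiredScope` on `resource`.
 * When `organizationId` is given, the endpoint is organization-specific and the
 * token must carry a matching `organization_id` claim.
 */
function authorize(
  claims: AccessTokenClaims,
  resource: string,
  requiredScope: string,
  organizationId?: string,
): AuthzDecision {
  // Audience check: the token must have been issued for this API resource.
  if (claims.aud !== resource) {
    return { allowed: false, reason: "audience mismatch" };
  }

  // Scope check: the required permission must be among the granted scopes.
  const scopes = new Set(claims.scope.split(" ").filter(Boolean));
  if (!scopes.has(requiredScope)) {
    return { allowed: false, reason: `missing scope ${requiredScope}` };
  }

  // Organization check: only a token narrowed to this organization is acceptable
  // for organization-specific data. An unscoped token aggregates scopes across all
  // organizations and therefore cannot prove the caller's role in this one.
  if (organizationId !== undefined) {
    if (claims.organization_id === undefined) {
      return { allowed: false, reason: "token is not organization-scoped" };
    }
    if (claims.organization_id !== organizationId) {
      return { allowed: false, reason: "organization_id mismatch" };
    }
  }

  return { allowed: true };
}

// Constructed sample claims (not real tokens).
const RESOURCE = "https://api.example.com"; // hypothetical resource indicator

const orgScopedToken: AccessTokenClaims = {
  sub: "user_1",
  aud: RESOURCE,
  scope: "read:orders",
  organization_id: "org_a", // narrowed via organization_id at grant time
};

const unscopedToken: AccessTokenClaims = {
  sub: "user_1",
  aud: RESOURCE,
  scope: "read:orders write:orders", // union of scopes from all organization roles
};

// Example requests against a hypothetical /organizations/:id/orders endpoint.
function demo(): Record<string, AuthzDecision> {
  return {
    scopedSameOrg: authorize(orgScopedToken, RESOURCE, "read:orders", "org_a"),
    scopedOtherOrg: authorize(orgScopedToken, RESOURCE, "read:orders", "org_b"),
    scopedMissingScope: authorize(orgScopedToken, RESOURCE, "write:orders", "org_a"),
    unscopedOnOrgEndpoint: authorize(unscopedToken, RESOURCE, "read:orders", "org_a"),
    unscopedOnGlobalEndpoint: authorize(unscopedToken, RESOURCE, "write:orders"),
    wrongAudience: authorize(orgScopedToken, "https://other.example.com", "read:orders", "org_a"),
  };
}

console.log(demo());
```

Note that `unscopedOnGlobalEndpoint` is allowed: an endpoint that is not organization-specific can accept the aggregated token, while every organization-specific endpoint rejects it until the client re-requests a token with `organization_id`.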

This change is backward compatible, and the existing token grant will continue to work as before.