mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
1ef32d6d54
chore: add change set for org api resource
13 lines
906 B
Markdown
13 lines
906 B
Markdown
---
|
|
"@logto/core": minor
|
|
---
|
|
|
|
update token grant to support organization API resources
|
|
|
|
Organization roles can be assigned with scopes (permissions) from the API resources, and the token grant now supports this.
|
|
|
|
Once the user is consent to an application with "resources" assigned, the token grant will now include the scopes inherited from all assigned organization roles.
|
|
|
|
Users can narrow down the scopes by passing `organization_id` when granting an access token, and the token will only include the scopes from the organization roles of the specified organization, the access token will contain an extra claim `organization_id` to indicate the organization the token is granted for. Then the resource server can use this claim to protect the resource with additional organization-level authorization.
|
|
|
|
This change is backward compatible, and the existing token grant will continue to work as before.
|