diff options
| author | Lars Wirzenius <liw@liw.fi> | 2018-09-18 13:53:43 +0300 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2018-09-18 13:53:43 +0300 |
| commit | b3f541f869e1fb05ecb0ccef1323779b00365390 (patch) | |
| tree | aeb18ba0431082bd01db07f6fcc07810f8a91283 | |
| parent | 6907f0d0a086649f86b547a224ab43fda090a004 (diff) | |
| download | ick.liw.fi-b3f541f869e1fb05ecb0ccef1323779b00365390.tar.gz | |
Add: clients should not create clients
| -rw-r--r-- | blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn b/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn index fc62f5a..02a39b2 100644 --- a/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn +++ b/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn @@ -48,3 +48,8 @@ Thus the approach is as follows: * Also eventually, Qvisqve will add groups, but that's not relevant yet. + +Added (suggested by Daniel): Clients should NOT be given a scope to +add new clients. It may be worthwhile to have Qvisqve enforce that. +Only users should be able to do that. + |