
Allow Permissions Grant to User for an Entity in OAuth Grant

Open jobannon opened this issue 4 years ago • 2 comments


Problem

If a user is granted access to an Entity, those Entity Permissions cannot be accessed in the authorization code grant.

Solution

Through the OAuth flow, allow a scope to be provided (target-entity:92dbded-30af-4149-9c61-b578f2c72600:read,write target-entity:119a84d9-06c5-4d1f-a0d4-a60490b70ac5:read). If the user has such permissions, the grant should succeed. If not, then the grant should fail as if the user had failed to authenticate.

Alternatives/workarounds

You can of course use the API to retrieve the grants against your entity and you can search for all entities a user has been granted permissions on, but this is not currently part of any OAuth grants.

Additional context

https://fusionauth.io/community/forum/topic/1118/can-i-get-permissions-granted-to-a-user-against-an-entity-in-an-oauth-grant

https://fusionauth.io/community/forum/topic/1114/how-to-get-an-access_token-for-an-entity-on-behalf-of-a-logged-user

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

jobannon, Jul 01 '21 20:07
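An added sketch of the check the proposed scope implies: parse each target-entity scope, compare it with the permissions the user already holds, and fail the whole request on any mismatch. This is not FusionAuth code and not from the issue author. The function names are hypothetical, USER_GRANTS is a constructed stand-in for grants retrieved through the API, and the second entity id is constructed.

```python
import re
import uuid

# Scope shape proposed in the issue: target-entity:<entity UUID>:<perm>[,<perm>...]
SCOPE_RE = re.compile(r"^target-entity:([^:\s]+):([A-Za-z0-9_-]+(?:,[A-Za-z0-9_-]+)*)$")

# Constructed sample data: entity id -> permissions granted to one user.
USER_GRANTS = {
    "119a84d9-06c5-4d1f-a0d4-a60490b70ac5": {"read"},
    "00000000-0000-4000-8000-000000000001": {"read", "write"},
}

class ScopeError(ValueError):
    """A target-entity scope that does not match the proposed shape."""

def parse_entity_scopes(scope_param):
    """Return {entity_id: set(permissions)} for every target-entity scope."""
    requested = {}
    for token in scope_param.split():
        if not token.startswith("target-entity:"):
            continue  # other scopes (openid, ...) are outside this check
        m = SCOPE_RE.match(token)
        if not m:
            raise ScopeError(f"malformed scope: {token!r}")
        try:
            # Normalise to canonical lowercase form so lookups cannot be
            # dodged or broken by case differences.
            entity_id = str(uuid.UUID(m.group(1)))
        except ValueError:
            raise ScopeError(f"entity id is not a UUID: {token!r}") from None
        requested.setdefault(entity_id, set()).update(m.group(2).split(","))
    return requested

def authorize(scope_param, user_grants):
    """All-or-nothing: every requested permission must already be granted.

    Malformed scopes fail closed, and the caller learns only True/False,
    so a denied request does not reveal which permission was missing.
    """
    try:
        requested = parse_entity_scopes(scope_param)
    except ScopeError:
        return False
    return all(perms <= user_grants.get(eid, set())
               for eid, perms in requested.items())
```

A request with no target-entity scopes passes this check unchanged, since it asks for nothing beyond what the ordinary grant already covers.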

Hey guys! Is there any update/timeline on this feature?

chrisgoddard, Dec 16 '21 02:12

@chrisgoddard sorry for the late response. We try to be transparent about issues assigned to a milestone, but sometimes schedules slip and features move around. Looks like this is slated for 1.39.0 right now.

mooreds, Aug 16 '22 03:08

This was exactly what I was trying to do. I'm glad I saw this before I spent a lot of time on a dead end. Hopefully this is still a future feature? I see it was removed from 1.40.0. Has it been added back in on a future milestone?

gnuphie, Mar 29 '23 20:03

@gnuphie, it is not currently slated for a release.

Please make sure to upvote this issue, as we take community upvotes into account when deciding on our roadmap. Here's our current roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap

Thanks for using FusionAuth.

mooreds, Apr 02 '23 04:04