sebbASF commented on PR #23: URL: https://github.com/apache/comdev/pull/23#issuecomment-4895033171
> Actually, there is no need - this is already implemented automatically (I think also well explained in the documentation) - the actual permissions that the token allows to have is a subseet of the token scope and actual **current** permissions of the user. So basically what the "scope" of the token is is a "wish" - but the wish is only granted if the user already has those permissions. Are you saying that the user permissions are rechecked each time the token is used? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
