OAuth Integrations: Provide more granular scope options for setting Integration access constraints

XMLWordPrintable

    • 4

      Problem Definition

      When creating an OAuth App to integrate with your Site, the App will have the permissions the granting User has, limited only by the Scopes the App is set to.

      This does not provide a way to limit the integration to specific projects within the Site while still allowing users with access to other projects to be able to use the Integration.

      Normally, the workaround would be to use an API Token with a User specifically for the Integration rather than OAuth, but aside from the other limitations of that approach, it is not viable when IP Allow lists are in place.

      Suggested Solution

      Allow Created Apps to be limited by Project and/or Product when they are created, separately from their OAuth Scopes. Or, even better, allow different scopes to be given by Project/Product to the integration.

      Workaround

      Currently, there is no workaround for this at this time.
      If one is found, it will be shared here.

            Assignee:
            Unassigned
            Reporter:
            Payden Pringle (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: