You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2021/04/11 21:54:26 UTC

[GitHub] [fineract] ptuomola commented on pull request #1684: Add client IDs for selfservice user in auth credentials (FINERACT-1340)

ptuomola commented on pull request #1684:
URL: https://github.com/apache/fineract/pull/1684#issuecomment-817378805


   Hi
   
   The comment says "Below one won't return client IDs in JSON and will continue working as it has been
   https://localhost:8443/fineract-provider/api/v1/authentication"
   
   But after this change, it would seem that the client IDs are if the attribute user.isSelfServiceUser() is set. 
   
   Given that this is read from the database (m_app_user.is_self_service_user), doesn't this mean that if someone calls /v1/authentication for a user for whom  m_app_user.is_self_service_user=1, the /v1/authentication will also return the clients? Which was not the intention.
   
   My suggestion would be instead to pass a boolean flag (i.e. returnClientList) to call of authenticate() from SelfAuthenticationApiResource and use that to determine whether clients should be included in the response. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org