This repository was archived by the owner on Mar 20, 2025. It is now read-only.
This repository was archived by the owner on Mar 20, 2025. It is now read-only.
Add support for opaque access tokens #59
Description
As per OAuth2 RFC access token should be treated as opaque strings. The current implementation relies on access tokens being JWT tokens with a scope claim which is used to drive access control for Client Credentials grants.
This divergence from the OAuth2 RFC is a strong limitation to the compatibility of QuickCase with most OIDC providers.
The implementation should be revisited to correctly work with opaque access tokens while preserving strong access control for user-less interactions.