some more detail from @kookster per our MVP call on 10/9:
- create in id a new scope and role and assign it to kali (plus some test users?)
- enforce at the API level in the controllers -- if this scope is present on the token, allow list/index of anything in db; if not, then you only see your own account
Roles and scopes can come from id.prx.org
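
The enforcement rule described above, sketched as an added example that is not part of the original comment or of PRX's code: the scope check fails closed, and the same filter covers single-record lookups as well as list/index. Assumptions: Ruby, a hypothetical scope name `read-all`, hypothetical claim names `scope` and `account_id`, constructed in-memory records, and a token whose signature has already been verified.

```ruby
require 'set'

# Hypothetical scope name; the real one would be defined in id.prx.org.
READ_ALL_SCOPE = 'read-all'

# Constructed sample rows standing in for a database table.
RECORDS = [
  { id: 1, account_id: 10, title: 'alpha' },
  { id: 2, account_id: 20, title: 'beta' },
  { id: 3, account_id: 10, title: 'gamma' }
].freeze

# Normalize the scope claim: accepts a space-delimited string or an array.
# Anything else (nil, number, hash) yields an empty set, so the check fails closed.
def token_scopes(claims)
  raw = claims.is_a?(Hash) ? claims['scope'] : nil
  list = case raw
         when String then raw.split
         when Array then raw.grep(String)
         else []
         end
  Set.new(list)
end

# Exact match only: 'read-all-foo' must not satisfy the check.
def read_all?(claims)
  token_scopes(claims).include?(READ_ALL_SCOPE)
end

# What an index action would return for already-verified token claims.
def visible_records(claims, records = RECORDS)
  return records if read_all?(claims)
  account_id = claims.is_a?(Hash) ? claims['account_id'] : nil
  return [] unless account_id.is_a?(Integer) # no usable account claim: show nothing
  records.select { |r| r[:account_id] == account_id }
end

# Single-record lookups go through the same filter, so a caller without the
# scope cannot read another account's record by requesting its id directly.
def find_record(claims, id, records = RECORDS)
  visible_records(claims, records).find { |r| r[:id] == id }
end
```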