This changes the behavior of what to do if an entity requests a group in wlcg.groups that they are not entitled to. Instead of allowing an access token to be returned without the scope, specify an access_denied error.
This is consistent with the proposal for wlcg.capabilityset in pr #10.
This changes the behavior of what to do if an entity requests a group in wlcg.groups that they are not entitled to. Instead of allowing an access token to be returned without the scope, specify an access_denied error.
This is consistent with the proposal for wlcg.capabilityset in pr #10.