nichtich closed 5 years ago
Maybe you misunderstood what this was supposed to be for. The field is supposed to contain certain roles (maybe rename "rights" to "roles"?) that a user account has, like "reviewer" or "editor" or whatever. These should (in my opinion) be assigned to the user account in login-server, not to an identity. I also don't really understand what OAuth scopes have to do with it.
Update: These roles should rather be assigned at the application, for example jskos-server could have an object which maps user IDs (from login-server) to roles (in jskos-server).
This is not and should not be used. Rights may be attached to identities as OAuth scopes but that's another issue.