The reset_token should only be issued if the issuer can update the user. After that the token should be enough to update the user using the token. No extra user / role perm should be needed.
Currently the user editor is used to authenticate permissions. (see UserTokenAuthHandler#83)
The reset_token should only be issued if the issuer can update the user. After that the token should be enough to update the user using the token. No extra user / role perm should be needed.
Currently the user editor is used to authenticate permissions. (see UserTokenAuthHandler#83)