ppazos / cabolabs-ehrserver

Open platform to manage and share standardized clinical data, designed by @ppazos at CaboLabs Health Informatics.
https://cabolabs.com
Apache License 2.0

SYNC - api keys with scope sync should belong to the Account not the Organization #975

Closed ppazos closed 6 years ago

ppazos commented 6 years ago

REF: #971

  1. tokens with sync scope should be created from a new Sync section on the main menu, not from the Organization show.
  2. token Organization should be nullable for sync tokens and should not include org data in extradata
  3. user scope needs an Organization, sync includes all Accounts and Organizations
  4. sync tokens should be created only by admins for now

ppazos commented 6 years ago

And extra data should not contain the org if scope=sync:

And should contain the scope itself.

{
  "username": "xxx",
  "extradata": {
    "organization": "123456",
    "org_uid": "e9d13294-bce7-44e7-9635-8e906da0c914"
  },
  "issued_at": "2018-09-01T03:01:57.644Z"
}

ppazos commented 6 years ago

Refactor: ApiKey.organization is NULLABLE
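
The scope rules listed in this issue, written as a small policy check for issuing and validating token payloads. This is an added example, not code from EHRServer or from the issue's author; the function names, the `org` dict keys, the `admin` role string and the `scope` key name inside `extradata` are assumptions for illustration.

```python
# Added example; names below are assumptions, not the EHRServer code base.
from datetime import datetime, timezone

SCOPES = {"user", "sync"}
ORG_FIELDS = ("organization", "org_uid")


class TokenPolicyError(ValueError):
    """Raised when a token request or payload breaks the scope rules."""


def build_payload(username, scope, issuer_roles, org=None, now=None):
    """Build the token payload for an API key, enforcing the scope rules."""
    if scope not in SCOPES:
        raise TokenPolicyError(f"unknown scope: {scope!r}")
    extradata = {"scope": scope}
    if scope == "sync":
        # Sync keys span all Accounts and Organizations: admin-only, no org binding.
        if "admin" not in issuer_roles:
            raise TokenPolicyError("sync tokens can only be created by admins")
        if org is not None:
            raise TokenPolicyError("sync tokens must not be bound to an organization")
    else:
        # User keys are scoped to exactly one organization.
        if not org or not all(org.get(k) for k in ("number", "uid")):
            raise TokenPolicyError("user tokens require an organization")
        extradata["organization"] = org["number"]
        extradata["org_uid"] = org["uid"]
    now = now or datetime.now(timezone.utc)
    issued = now.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return {"username": username, "extradata": extradata, "issued_at": issued}


def check_payload(payload):
    """Validate a decoded payload on the receiving side; return its scope."""
    extradata = payload.get("extradata") or {}
    scope = extradata.get("scope")
    if scope not in SCOPES:
        raise TokenPolicyError("payload carries no valid scope")
    present = [k for k in ORG_FIELDS if k in extradata]
    if scope == "sync" and present:
        raise TokenPolicyError(f"sync payload must not contain {present}")
    if scope == "user" and len(present) != len(ORG_FIELDS):
        raise TokenPolicyError("user payload must name its organization")
    return scope
```

Running `check_payload` on the receiving side as well as at issuance means a sync token that still carries organization data, or a payload with no scope at all, is rejected rather than silently treated as a user token.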