Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...


Validation

Validate token

  • Verify the validity of access token
    • Return 401 in case validation fails
  • token is not expired
    • in case error return 401 

Validate scopes

  • Check user scopes in order to perform this action (scope = 'contract:read')
    1. Return 403 in case invalid scope(s)

...

  • if TOKENS_TYPES_PERSONAL
    • Check client_id = contracts.contractor_legal_entity_id
      • in case error return 403 "User is not allowed to view this contract"

...