...

• GraphQL API
  Capitation Contract
  Reimbursement Contract
• Features

Validation

Validate token

• Verify the validity of access token
  • Return 401 in case validation fails
• token is not expired
  • in case error return 401 

Validate scopes

• Check user scopes in order to perform this action (scope = 'contract:read')
  1. Return 403 in case invalid scope(s)

...

• if TOKENS_TYPES_PERSONAL
  • Check client_id = contracts.contractor_legal_entity_id
    • in case error return 403 "User is not allowed to view this contract"

...