Missing resourceId will cause the token to miss any app specific roles that might be configured.
Now, in our our endpoints that are called with scheduler, we are forced to remove any role-checking attributes. This leaves us more vulnerable to attacks since we check authentication only and not authentication + authorization.1 vote
We want to use the scheduler to call (POST) an API endpoint that we currently have secured with JWT tokens.
As security provider we are using Auth0.
We noticed that there are some configurations regarding authentication, but seems that there is no way of configuring Auth0 here. The settings needed are (almost) the same as for ActiveDirectoryOAuth.
Are there any plans currently to support this ? Are there any workarounds that we can apply?1 vote
- Don't see your idea?