credentials: app users should have credential type with 2 keys - app + user #626

Open
altsang opened this issue Feb 1, 2018 · 3 comments
altsang commented Feb 1, 2018

No description provided.

@altsang altsang added the bug label Feb 1, 2018
altsang commented Feb 3, 2018

Currently EG allows you to specify:

  1. users
  2. apps

as consumers for APIs

users as API consumers

  • Kevin can be a user defined in EG that consumes a set of API endpoints (an API) through a set of matching scopes
  • example user case - GitHub allows a GH user to hit their GH API directly as a consumer

apps as API consumers

  • Candy Crush can be defined as an app owned by Kevin and, as an application, it can access a set of API endpoints (an API) through a set of matching scopes
  • example app case - Kevin is a registered user in EG, and he creates Candy Crush. Candy Crush as an app must be affiliated with a user as its owner

app users in EG as consumers
There is a third level of users that utilize the credential management system in EG - app users.

An app user is a user within EG that is a "registered" user of an app known to EG

example)

  • Kevin is a user in EG.
  • Kevin develops Candy Crush. Candy Crush is an app under Kevin as "owner" in EG
  • Vincenzo is a user in EG
  • Vincenzo registers as a user who can access his data in Candy Crush the app

Vincenzo should have an OAuth2 credential for the Candy Crush app. Currently I believe Vincenzo only has general OAuth2 credentials, which means he could potentially access any app that has matching scopes (highly unlikely).

This needs to be investigated and rectified.
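
The difference between a user-only credential and one keyed on app plus user, as an added example that is not part of the original comment and not EG's own code. The store class, function names, app ids and scope string are all hypothetical, and the sample data is constructed:

```javascript
'use strict';

// Constructed sample data: two apps whose endpoints require the same scope.
const endpoints = {
  candyCrushProfile: { appId: 'candy-crush', requiredScopes: ['profile:read'] },
  otherAppProfile: { appId: 'other-app', requiredScopes: ['profile:read'] },
};

// Hypothetical store: grants are keyed by the (appId, userId) pair.
class AppUserCredentials {
  constructor() { this.grants = new Map(); }
  // JSON-encode the pair so ("a:b","c") and ("a","b:c") cannot collide.
  static key(appId, userId) { return JSON.stringify([appId, userId]); }
  grant(appId, userId, scopes) {
    this.grants.set(AppUserCredentials.key(appId, userId), new Set(scopes));
  }
  scopesFor(appId, userId) {
    return this.grants.get(AppUserCredentials.key(appId, userId)) || new Set();
  }
}

// User-only check: the credential is general to the user, so any endpoint
// with matching scopes is reachable, whichever app it belongs to.
function allowUserOnly(userScopes, endpoint) {
  return endpoint.requiredScopes.every((s) => userScopes.includes(s));
}

// App + user check: the token names the app it was issued for, the endpoint
// must belong to that app, and scopes are looked up under that exact pair.
function allowAppUser(store, token, endpoint) {
  if (token.appId !== endpoint.appId) return false;
  const granted = store.scopesFor(token.appId, token.userId);
  return endpoint.requiredScopes.every((s) => granted.has(s));
}

function demo() {
  const store = new AppUserCredentials();
  store.grant('candy-crush', 'vincenzo', ['profile:read']);
  const token = { userId: 'vincenzo', appId: 'candy-crush' };
  const generalScopes = ['profile:read'];
  return {
    userOnlyOwnApp: allowUserOnly(generalScopes, endpoints.candyCrushProfile),
    userOnlyOtherApp: allowUserOnly(generalScopes, endpoints.otherAppProfile),
    appUserOwnApp: allowAppUser(store, token, endpoints.candyCrushProfile),
    appUserOtherApp: allowAppUser(store, token, endpoints.otherAppProfile),
  };
}

console.log(demo());
```

With the user-only check both endpoints are allowed; with the pair-keyed check only the Candy Crush endpoint is.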

@duongvanba

Has this issue been fixed?
I use OAuth2 to identify my user but I cannot get the user id from the headers from EG.

@XVincentX
Member

We haven't been able to work on this issue yet. @duongvanba
