Contrib.social

6.0 is missing cache context + access policy support

Open on Drupal.org β†’
Created on 18 February 2025, 7 months ago

Problem/Motivation

When dealing with multiple consumers that have set the same default user, this will result in unexpected access behaviour. The current cache context is based on roles, this made sense in simple_oauth: 5.2 where scopes are roles, but in 6.0 the scopes are a separate entity which reference to permissions or roles.

Proposed resolution

We should introduce the new access policy (from Drupal 10.3) and custom cache context for scopes. This way the cache keys will be unique by user and requested scopes. Leveraging the access policy will also give the community possibilities to alter or add their own policies.
Drupal 10.2 is EOL, so we can increase the minimum Drupal core requirement to 10.3 and don't have to consider BC.

Workaround that can be used is to set a different default user (with unique roles) per consumer.

πŸ› Bug report
Status

Active

Version

6.0

Component

Code

Created by

πŸ‡³πŸ‡±Netherlands bojan_dev

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024