mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-14 13:33:00 +00:00
3076845927
instead of roles, which allow tokens to change permissions over time This is mostly a low-level change, with little outward-facing effects. - on upgrade, evaluate all token role assignments to their current scopes, and store those scopes on the tokens - assigning roles to tokens still works, but scopes are evaluated and validated immediately, rather than lazily stored as roles - no longer need to check for role permission changes on startup, because token permissions aren't affected - move a few scope utilities from roles to scopes - oauth allows specifying scopes, not just roles. But these are still at the level specified in roles, not fully-resolved scopes. - more granular APIs for working with scopes and roles