Do service users ignore "Check authorization on Authentication"?
Hi,
I am testing service users on an API application (client_id+client_secret) with PATs.
I have one service user with a role/authorization (userA) in the project and one without (userB). In the project I have checked "Check authorization on Authentication". My understanding was that userB should not return as valid under the introspection endpoint. But both are returned as active.
Where is my understanding wrong?
