Co-authored-by: jokego <100397366+jokego@users.noreply.github.com>
Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
Co-authored-by: SiaraMist <siaramist@github.com>
When you use a user access token, you should track which organizations the token is authorized for. If an organization uses SAML SSO and a user has not performed SAML SSO, the user access token will not have access to that organization. You can use the GET /user/installations REST API endpoint to verify which organizations a user access token has access to. If the user is not authorized to access an organization, you should prevent their access to organization-owned data within your own application until they perform SAML SSO. For more information, see "AUTOTITLE."
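One way to apply this check in an app backend, as an added example that is not part of the original page or of GitHub's own code. The function names and the sample data are hypothetical; the code assumes the endpoint's JSON response carries an `installations` array whose entries have `target_type` and `account.login`.

```python
import json
import urllib.request

API = "https://api.github.com/user/installations"

def fetch_installations(token, per_page=100):
    """Page through GET /user/installations using a user access token."""
    installations, page = [], 1
    while True:
        req = urllib.request.Request(
            f"{API}?per_page={per_page}&page={page}",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            batch = json.load(resp)["installations"]
        installations.extend(batch)
        if len(batch) < per_page:  # short page means there are no more results
            return installations
        page += 1

def authorized_orgs(installations):
    """Lower-cased logins of the organizations the token can currently reach."""
    return {
        inst["account"]["login"].lower()
        for inst in installations
        if inst.get("target_type") == "Organization" and inst.get("account")
    }

def can_access_org_data(org_login, installations):
    """Fail closed: deny unless the org is in the token's installation list."""
    return org_login.lower() in authorized_orgs(installations)

# Constructed sample of the "installations" array (not real API output).
# "saml-org" is absent, as it would be for an organization the token
# is not authorized for.
SAMPLE = [
    {"id": 1, "target_type": "Organization",
     "account": {"login": "Octo-Org", "type": "Organization"}},
    {"id": 2, "target_type": "User",
     "account": {"login": "octocat", "type": "User"}},
]
```

Call `can_access_org_data()` before serving any organization-owned record, and refresh the installation list instead of caching the result for the lifetime of the token.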