Audiences
We use the concept of Audiences in an OAuth JWT to scope the token to a set of Space Blocks resources it is allowed to talk to. If a user has not deployed any instance of Space Block Foo, their tokens will not contain Foo's audience. At the same time, the Foo Space Block checks each incoming token for its audience. If the audience is not present, the request is rejected.
Space Blocks Audiences
The following audiences have been defined for Space Blocks:
Space Block | Audience |
---|---|
Permissions | permissions.spaceblocks.cloud |