#3525572: Implement OAuth2 authentication for API endpoints related to code components (!1085) · Merge requests · project / experience_builder

A route subscriber setting our own authentication provider (and cookie) on a select list of routes, and an authentication provider that checks the entity type to decide if it should be applied. If so, it delegates to the authentication provider of the Simple OAuth module. We can add more control in our own provider later as needed.

OAuth scopes are shipped as config using the most common scope provider of the Simple OAuth module: dynamic scopes.

Edited Jun 10, 2025 by Bálint Kléri

#3525572: Implement OAuth2 authentication for API endpoints related to code components

Merge request reports