Skip to content

Chore: drop vestigial disavow:auth/clear:session scopes (fixes #54)#55

Merged
taylortom merged 1 commit into
masterfrom
drop-vestigial-auth-scopes
Jul 13, 2026
Merged

Chore: drop vestigial disavow:auth/clear:session scopes (fixes #54)#55
taylortom merged 1 commit into
masterfrom
drop-vestigial-auth-scopes

Conversation

@taylortom

Copy link
Copy Markdown
Contributor

Fixes #54

Chore

  • Removed disavow:auth and clear:session from the default authuser role in conf/config.schema.json. Neither scope gates anything: POST /api/auth/disavow is being made authenticated-only (logout is self-authorising), and /api/session/clear has no registered handler. Only affects freshly-seeded installs; existing DB roles keep the (harmless, unused) scopes.

@taylortom
taylortom merged commit 60a42a4 into master Jul 13, 2026
3 checks passed
@taylortom
taylortom deleted the drop-vestigial-auth-scopes branch July 13, 2026 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

Remove vestigial disavow:auth and clear:session from default authuser role

1 participant