Help please! Candidate groups and authorisations using the REST API

I’ve read as much as I can on the forum and in the documentation, but I still cannot figure out whether the behaviour I’m expecting is correct or not. So I’m hoping that someone may be able to help shed some light.

I’m building an app in Angular that accesses the REST API and therefore needs to have access only to the tasks etc. that the user is authorised for.

For the moment I’ve enabled basic authentication for simplicity, but I am hoping to eventually move to JWT tokens provided by an external authentication service like Auth0 or AWS Cognito.

What I thought should happen is that when an authenticated user issues the `GET /engine-rest/task` call, they should receive a response containing only the tasks that they are assigned to, or those where they belong to a group named as a candidate group for the task.

This isn’t quite what happens, though. It seems that some tasks are not returned, which is good I think, but the tasks I want are returned to all the groups.

In reality I’m confused as to what is actually happening, so I am unable to figure out what to do!

I hope this makes sense; I’ve found it difficult to explain succinctly. All help much appreciated!