I’m currently trying to understand whether there’s a way to determine which user granted the OAuth token I’m using in the request?
I’ve found the `API Token Details`, but that appears to only expose company-level information.
Could I achieve this by introspecting the JWT claims? (e.g. `sub`?)
Page 1 / 1
Hi Scott,
In short - no. JWTs are authorized by a teammate, but the token itself is not linked to a teammate in any way - it’s a company-level resource.
It’s worth noting that only your global admins can authorize OAuth tokens to be created, so that should narrow down your search.
hey Jason, is this answer still valid today because i happen to run into same blocker?
Yes - still valid today. OAuth access is still granted at a “company” level, so it can not presently be used identify any one teammate.
I did raise this as a feature request at https://front.ideas.aha.io/ideas/PRD-I-9103 - I’d suggest heading there and giving it a +1 vote to register your interest, and leave any relevant comments about why it would be a useful feature for your team!
Login to the community
No account yet? Create an account
Use your Front credentials
Log in with Frontor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.