After much consideration, we've decided to make the serviceId parameter "optional" in order to fulfill the backward-compatibility requirement.
GET/HEAD /tokens/{tokenId}?[belongsTo=<tenantID>&][serviceId=<comma-separated service IDs>]
Keep in mind that the absence of serviceId, if one chooses to omit it, means we still have the tenant role conflict/overlap security problems as described in the bug.
Please let me know if there are objections. Otherwise, I'll start implementing the changes.