Reputation: 11
Forge APS Restricting Third-Party Hub Access Levels / Visibility - Custom Integration
I've developed an app for Autodesk Revit that processes models in our Autodesk Construction Cloud (ACC) Hub. Through 3-legged authentication users login and can see all the projects they are assigned to. This part is fine.
We collaborate with other partners live in our Revit models (cloud worksharing). In some instances the projects are located on their hubs. I understand that they need to authorise my app on their hub through custom integrations ([https://aps.autodesk.com/en/docs/bim360/v1/tutorials/getting-started/manage-access-to-docs/]).
We don't want to see or access projects that we are not involved in, and I know we need to use 3-legged authentication for this, but what's stopping a developer once approved on a hub developing another app (using the same credentials) that uses 2-legged authentication and accessing all the information on that hub?
I would expect when inviting a developer to a hub through a custom integration that you could choose which types of authentication are available to them and therefore the visibility extents within the hub. I appreciate that there are permission levels for accessing data and administration information.
Thanks
Upvotes: 0
Views: 86
Answers (1)
Reputation: 1096
Agreed. Autodesk is a bit overdue on dealing with this scenario. Currently there is a lot of trust placed on the developers…
Upvotes: 0
Related Questions
- Accessing Revit Files within ACC from an APS Plugin
- Why is BIM360 Issues API call responding with 'user not found' from Forge/APS?
- Forge App and BIM 360 custom integration correct approach
- Initiate BIM360 Docs collaboration programmatically
- Autodesk Forge GET hubs returns hubs I don't have / currently use
- Does the Forge API support 2-legged bearer tokens for Bim360 Team hub types?
- Is model.publish event occur only during Revit publish action?
- Upload models to BIM360 Design, not BIM360 Docs