A member can be added to a credential group using an api key or an active session

Question

A member can be added to a credential group using an api key or an active session

vplasencia opened this issue 8 months ago · 0 comments

vplasencia commented 8 months ago

Describe the bug

A member can be added to a credential group using an api key or an active session.

To Reproduce

Steps to reproduce the behavior:

Create a credential group.
Use the api docs to add a member.
The member will be added successfully because there is an active session.

If we use an admin api key. The member will be added too.

Expected behavior

Throw an error because you cannot add a member to a credential group using an api key or an active session. The member will always need to prove they meet the criteria.