Hi Folks,
Scenario:
We have two organisations, org1 and org2.
1) Enable the JWT token.
2) Using the API below, we got the token from Vault:
/v1/auth/jwt/login
3) For example, we register with org1 under the name testuser1. We received the JWT token and added the identities inside one secret.
4) When getting this identity, the application logs in and gets the JWT token as mentioned in step 2.
5) The problem here is if org2 also has the same user (testuser1): Vault is not able to differentiate the user. If the user logs in with org1/testuser1 and gets a JWT token, testuser1 is there in org2 as well (org2/testuser1).
6) The org1/testuser1 JWT token can access the identity of org2/testuser1. It should return permission denied, but we are getting the value.