After successfully configuring Drupal 8 with JSON:API and the "Simple OAuth" module as a headless instance for my React project, I am currently facing an issue regarding ONLY FETCHING A USER's OWN PUBLISHED CONTENT. Of course there are filter options like http://.../jsonapi/node/node?filter[uid.name][value]=userXYZ (https://www.drupal.org/docs/8/modules/jsonapi/filtering), but as the word "filter" indicates ... it is a filter ... not a restriction of access to other users.
PATCH request: The permission setting "editing only OWN published content" in Drupal works fine, as the PATCH request in the React project sends a header with authorization data. In other words: in the React instance, a logged-in user can only edit his/her own published content. THAT WORKS.
GET request 1: With the user permission setting in Drupal that allows "view published content" for the OAuth role for fetching data via GET request, all data from http://.../jsonapi/node/node is returned unless I add a filter (and a filter as a URL parameter based on username or user ID is what I am trying to avoid).
GET request 2: With the user permission setting in Drupal that allows "view OWN published content" for the OAuth role for fetching data via GET request, no data is returned.