[keycloak-dev] Default roles for self-registered users

Bill Burke bburke at redhat.com
Mon Nov 4 07:27:51 EST 2013



On 11/4/2013 6:02 AM, Stian Thorgersen wrote:
> It has to be possible to define roles assigned to self-registered users, including roles for the realm and for individual applications. Without this, self-registering users is a useless feature.
>
> There are different options for providing this feature:
>
> 1. List of default roles associated with a realm and with applications. This is clearly the simplest solution; we already have it for realms, but can't configure it through the admin console
> 2. Composite roles. This is slightly more complex as we need to support composite roles, but then after that you probably need to be able to list default roles (including composites) for realms/applications as well, so it would require option 1
> 3. Groups. Similar work required to implement as composite roles, but harder to integrate nicely with oauth scopes
>
> My plan was to go with option 2, but with the store being ripped out, that makes it harder to do now. It would have to wait until the store is completed, and I don't know how long that will take. Option 1 is a lot simpler to implement, and wouldn't be replaced by option 2; it would be in addition, so unless there are objections I'll start work on option 1.
>

New store should be done today or tomorrow.  But just extend the PL 
backend and the API model.  If you implement composites before I finish 
the store, I'll just merge and model your changes in the JPA store.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

