[keycloak-dev] default roles changes
Marek Posolda
mposolda at redhat.com
Wed Nov 6 06:02:39 EST 2013
Hi Bill,
I think that Stian will be online later today and he will describe all
the details why it's done this way, but can you please wait for him
before changing this code? I don't know the details, but I think that
idea is described in mail "Composite roles" from 2013-10-23 (nobody
replied to this mail) where is described that composite roles is
something like "container" for other roles and these composite roles
won't be added directly to access token, but instead token will be
populated just with simple roles, which are contained in composite role.
Marek
On 6.11.2013 05:15, Bill Burke wrote:
>
> On 11/5/2013 9:34 PM, Bill Burke wrote:
>> I'm trying to resolve merge conflicts and came across the new default
>> roles changes.
>>
>> Why are you adding default roles to tokens? This is just not correct
>> and not the way we should be doing things. Instead, default roles
>> should be used to populate user role mappings when a user is created.
>>
>> I'm removing the token population code you ahve.
>>
> Was too tired to remove this with my PR. This needs to be revisited as
> its not the appropriate approach.
>
More information about the keycloak-dev
mailing list