[keycloak-dev] Default roles for realms and applications
Stian Thorgersen
stian at redhat.com
Thu Oct 10 10:51:49 EDT 2013
At the moment we only have support for default roles for realms and I was planning to add the same for applications.
Currently when a new user registers the list of default roles for the realm is added. This means that if you create the default roles for the realm, roles for old users won't automatically reflect the changes. When adding default roles for applications the problem becomes even worse as now applications themselves can be added/remove after a user has been added.
As I see it we have two options:
1. Try to keep the default roles for realms and applications in sync with the roles for users
2. Add the default roles for realms and applications to tokens directly
To me option 2 seems the simplest/best
More information about the keycloak-dev
mailing list