[keycloak-dev] Default roles for realms and applications
Bill Burke
bburke at redhat.com
Thu Oct 10 20:22:43 EDT 2013
Implementing Groups would solve this issue. Then you can modify the
group and not worry about old users.
On 10/10/2013 10:51 AM, Stian Thorgersen wrote:
> At the moment we only have support for default roles for realms and I was planning to add the same for applications.
>
> Currently when a new user registers the list of default roles for the realm is added. This means that if you create the default roles for the realm, roles for old users won't automatically reflect the changes. When adding default roles for applications the problem becomes even worse as now applications themselves can be added/remove after a user has been added.
>
> As I see it we have two options:
>
> 1. Try to keep the default roles for realms and applications in sync with the roles for users
> 2. Add the default roles for realms and applications to tokens directly
>
> To me option 2 seems the simplest/best
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list