[keycloak-dev] Disable application scope by default?

Stian Thorgersen stian at redhat.com
Tue Jul 29 11:40:04 EDT 2014


Other than potentially larger tokens I don't see any issue with that.

Although, lately I've been thinking that only having a single list of roles for a realm would be simpler, instead of realm roles and application roles. We could still provide some form of a hierarchy using '/', for example 'myapp/admin'. It's a pretty big shift, but I think it would remove a lot of confusion.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 29 July, 2014 4:27:02 PM
> Subject: Re: [keycloak-dev] Disable application scope by default?
> 
> 
> 
> On 7/29/2014 11:07 AM, Stian Thorgersen wrote:
> > Not sure I fully understand.
> >
> > At the moment an application has scope on all its own roles. I assume you
> > mean that you're proposing that it should have a "scope" on all roles a
> > user has?
> >
> 
> Yes exactly.
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

