[keycloak-dev] Disable application scope by default?
Bill Burke
bburke at redhat.com
Tue Jul 29 11:47:34 EDT 2014
On 7/29/2014 11:40 AM, Stian Thorgersen wrote:
> Other than potentially larger tokens I don't see any issue with that.
>
> Although, lately I've been thinking that only having a single list of roles for a realm would be simpler, instead of realm roles and application roles. We could still provide some form of a hierarchy using '/' for example 'myapp/admin'. It's a pretty big shift, but I think it would remove a lot of confusion.
>
A few people have specifically wanted application specific roles. Plus
once you go to the scheme you're suggesting the adapters would more than
likely require a keycloak role -> application role mapping facility.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list