[keycloak-dev] discontinuing scope param

[Stian Thorgersen]

We need a scope parameter. It's best practice for an app to ask for the minimum scope possible, and that may vary not only on the client.

For example a gallery application could initially only want a users basic profile and permissions to view pictures. Only if users choose to use the edit feature would it ask for edit permissions.

It is also common that OAuth provider have this. For example in the Google Cloud Console you can configure what an application is allowed to ask for, but you are also required to include a scope parameter. I don't think the scope parameter needs to be required, but we should add support for it.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 6 March, 2014 1:51:47 PM
> Subject: Re: [keycloak-dev] discontinuing scope param
> 
> Nah, just going to ignore the scope param.  We'll just ignore what pure
> openid connect clients send in the scope param.
> 
> On 3/6/2014 4:09 AM, Stian Thorgersen wrote:
> > Are we adding (or have we already added) the OpenID Connect scope param?
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Wednesday, 5 March, 2014 11:04:46 PM
> >> Subject: [keycloak-dev] discontinuing scope param
> >>
> >> OpenID Connect has its own format for the scope param that interferes
> >> with ours.  I'm discontinuing our support for it.  Scope param will just
> >> be ignored now.
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>