[keycloak-dev] Remove admin-url for bearer-only applications
Marek Posolda
mposolda at redhat.com
Fri Sep 12 11:43:18 EDT 2014
Possible related question is, if bearer-only applications need scopes
and claims? Should we hide "Scopes" and "Claims" tabs in admin console
when editing bearer-only application?
On 12.9.2014 14:51, Bill Burke wrote:
> Negative. Bearer-only applications can receive revocation policies.
> i.e. "don't accept tokens before this date". In the future we may want
> to push things like allowed CORS origins, IP blacklists, user
> blacklists, etc. There's also stats we may want to gather from the
> applications.
>
> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>> I propose we remove the "Admin URL" field for bearer-only applications. As a bearer-only application doesn't manage any user sessions there's not much point in propagating logouts to those.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
More information about the keycloak-dev
mailing list