[keycloak-dev] Backward compatibility of server and adapters
Marek Posolda
mposolda at redhat.com
Fri Jul 1 08:36:03 EDT 2016
+1
Marek
On 01/07/16 08:43, Stian Thorgersen wrote:
> I'm not convinced about that approach. We'll end up having to test and
> maintain this in the long run.
>
> How about a staged approach instead:
>
> * Keycloak 2.1 & RH-SSO 7.0.1 - add scope=openid, also add mention in
> release not and migration guide that the ID token will soon not be
> included anymore
> * Keycloak 2.3 & RH-SSO 7.1 - stop sending ID token if scope is not
> included
>
> On 30 June 2016 at 16:00, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> I am thinking whether to add configuration switch in admin console per
> client, where you can define what is the adapter version the
> particular
> client is using. In that case, some behaviour can be
> different/backwards
> compatible.
>
> Example: For new clients, we will include IDToken just if they use
> "scope=openid" . However for clients with adapter "1.9" or older, the
> IDToken will be included even if "scope=openid" is not used.
>
> WDYT?
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160701/8957ed71/attachment.html
More information about the keycloak-dev
mailing list