[keycloak-dev] token exchange permission model

Bill Burke bburke at redhat.com
Fri Aug 18 10:26:01 EDT 2017

Right now I have a "exchange-from" and "exchange-to" permission when 
exchanging client->client tokens.  I'm wondering if an "exchange-from" 
permission needs to exist?  Would we ever have the case where a client 
is allowed to "exchange-to", but not "exchange-from"?  I'm thinking this 
is just overboard and would rarely be used.


More information about the keycloak-dev mailing list