[keycloak-dev] OAuth2 Incremental Authorization

Pedro Igor Silva psilva at redhat.com
Wed Apr 25 07:50:10 EDT 2018


Yeah, I agree it should be the same authentication session. And that spec
can be a good reference to make sure we are doing it correctly or at least
based on other experiences around this requirement.

From what I have seen on the oauth2 mailing list, people there are willing to
make it a standard.

On Wed, Apr 25, 2018 at 4:13 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Haven't read that spec yet. With Marek's work it should be possible for a
> client to request additional scopes by redirecting to login screen again,
> but there's probably more to it than that. One thing that at least comes to
> mind is that it should be the same authentication session.
>
> On 24 April 2018 at 14:41, Pedro Igor Silva <psilva at redhat.com> wrote:
>
>> Hi,
>>
>> I think this is related to what we discussed in our last meeting
>> regarding scopes.
>>
>> See https://datatracker.ietf.org/doc/draft-wdenniss-oauth-incremental-auth/.
>>
>> We have that in AuthZ Services, but this should be pure OAuth2.
>>
>> Regards.
>> Pedro Igor

