[keycloak-dev] Client Scope naming

Marek Posolda mposolda at redhat.com
Fri Mar 16 03:46:19 EDT 2018


Scope parameter would reference client scopes. For example scope 
parameter "openid email profile offline_access" will reference client 
scopes "email", "profile" and "offline_access" (openid is jsut generic 
OpenID Connect marker).  And each client scope is set of protocolMappers 
and/or Role scope mappings.

Marek

On 15/03/18 12:39, Pedro Igor Silva wrote:
> How a scope looks like now after your changes ? Are they just strings 
> referencing a set of one or more roles ? Or they are still roles ?
>
> On Wed, Mar 14, 2018 at 5:03 PM, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     That's good question. As you know, we also have "Scope" tab (used to
>     specify scope role mappings of client) and "Authorization scope",
>     which
>     is used when Authorization is enabled :)
>
>     Marek
>
>     On 14/03/18 14:37, Schuster Sebastian (INST/ESY1) wrote:
>     > Hi,
>     >
>     > I saw there are activities to replace client templates with
>     client scopes. UMA 2.0 uses the term “client scope” to determine
>     what the OAuth client wants to do with the granted access (e.g.
>     this could be used to determine the purpose of processing some
>     data for GDPR compliance). Since Keycloak will also support UMA
>     2.0, I am a little concerned this might lead to some confusion. As
>     you know, there are only two hard problems in computer science:
>     cache invalidation, naming things, and off-by-one errors. ☺ WDYT?
>     >
>     > Best regards,
>     > Sebastian
>     >
>     > Mit freundlichen Grüßen / Best regards
>     >
>     > Dr.-Ing. Sebastian Schuster
>     >
>     > Engineering and Support (INST/ESY1)
>     > Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109
>     Berlin | GERMANY | www.bosch-si.com
>     <http://www.bosch-si.com><http://www.bosch-si.com
>     <http://www.bosch-si.com>>
>     > Tel. +49 30 726112-485 <tel:%2B49%2030%20726112-485> | Fax +49
>     30 726112-100 <tel:%2B49%2030%20726112-100> |
>     Sebastian.Schuster at bosch-si.com
>     <mailto:Sebastian.Schuster at bosch-si.com><mailto:Sebastian.Schuster at bosch-si.com
>     <mailto:Sebastian.Schuster at bosch-si.com>>
>     >
>     > Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB
>     148411 B
>     > Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke;
>     Geschäftsführung: Dr. Stefan Ferber, Michael Hahn
>     >
>     >
>     >
>     > _______________________________________________
>     > keycloak-dev mailing list
>     > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
>
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
>



More information about the keycloak-dev mailing list