<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix"> +1<br>

      <br>

      Marek<br>

      <br>

      On 01/07/16 08:43, Stian Thorgersen wrote:<br>

    </div>

    <blockquote

cite="mid:CAJgngAcKQ9=jz4_8ddSwCkRzN5bcVSipDLGCyCa8xYiVyhyoqg@mail.gmail.com"

      type="cite">

      <div dir="ltr">I'm not convinced about that approach. We'll end up

        having to test and maintain this in the long run.

        <div><br>

        </div>

        <div>How about a staged approach instead:</div>

        <div><br>

        </div>

        <div>* Keycloak 2.1 &amp; RH-SSO 7.0.1 - add scope=openid, also

          add mention in release not and migration guide that the ID

          token will soon not be included anymore</div>

        <div>* Keycloak 2.3 &amp; RH-SSO 7.1 - stop sending ID token if

          scope is not included<br>

        </div>

      </div>

      <div class="gmail_extra"><br>

        <div class="gmail_quote">On 30 June 2016 at 16:00, Marek Posolda

          <span dir="ltr">&lt;<a moz-do-not-send="true"

              href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0

            .8ex;border-left:1px #ccc solid;padding-left:1ex">I am

            thinking whether to add configuration switch in admin

            console per<br>

            client, where you can define what is the adapter version the

            particular<br>

            client is using. In that case, some behaviour can be

            different/backwards<br>

            compatible.<br>

            <br>

            Example: For new clients, we will include IDToken just if

            they use<br>

            "scope=openid" . However for clients with adapter "1.9" or

            older, the<br>

            IDToken will be included even if "scope=openid" is not used.<br>

            <br>

            WDYT?<br>

            Marek<br>

            _______________________________________________<br>

            keycloak-dev mailing list<br>

            <a moz-do-not-send="true"

              href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>

            <a moz-do-not-send="true"

              href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"

              rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>

          </blockquote>

        </div>

        <br>

      </div>

    </blockquote>

    <br>

  </body>

</html>