[keycloak-user] Direct Access Grants & 'Client

Stian Thorgersen stian at redhat.com
Tue Aug 26 03:07:16 EDT 2014


Scope is what roles an application is permitted to ask for, while role mappings for a user is what roles are actually granted.

For example an application could have a scope one role A and B, but only have a role mapping on role A. On its own the application only has access to role A, while if acting on behalf of a user that has both role A and B the application would have both roles.

----- Original Message -----
> From: "John DODGE CONSULTING SERVICES Schneider, LLC" <John.Schneider at carrier.utc.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 12 August, 2014 6:32:34 PM
> Subject: Re: [keycloak-user] Direct Access Grants & 'Client
> 
> 
> 
> Not sure if I follow you Bill. Don’t we already have scope (role) assignment
> capabilities for both OAuth Clients and Applications?
> 
> 
> 
> 
> 
> Date: Tue, 12 Aug 2014 12:13:21 -0400
> 
> From: Bill Burke < bburke at redhat.com >
> 
> Subject: Re: [keycloak-user] Direct Access Grants & 'Client
> 
> Credentials' OAuth2 grant type
> 
> To: keycloak-user at lists.jboss.org
> 
> Message-ID: < 53EA3D21.7060609 at redhat.com >
> 
> Content-Type: text/plain; charset=windows-1252; format=flowed
> 
> 
> 
> Right now we require you to create a user and give permissions to that user.
> Not sure if we'll add client credentials grant as it would require having
> role mappings for clients and applications.
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list