[keycloak-user] Question about application of protocol mappers when requesting an RPT

Pedro Igor Silva psilva at redhat.com
Thu Oct 4 14:50:33 EDT 2018


Hi,

Good catch, could you file a JIRA please?

Regards.
Pedro Igor

On Thu, Oct 4, 2018 at 12:01 PM Francisco José Bermejo Herrera <
francisco.bermejo.herrera at tecsisa.com> wrote:

> Hello,
>
> Why are protocol mappers belonging to the token's Authorized Party (azp)
> applied when requesting an RPT instead of those belonging to its Audience
> (aud)?
> For example, when a Token Exchange is performed, the mappers belonging to
> the new Audience are applied, not the Authorized Party ones.
>
> Concretely, we have detected that this behavior is being enforced at this
> line of code:
> AuthorizationTokenService.java#L248
> <https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da764337ff48/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java#L248>
>
> Is that correct? Shouldn't mappers belonging to the Audience be applied
> instead?
>
> Thank you in advance!
>
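The behaviour asked about above can be checked on a decoded RPT by comparing its claims with the claims each client's protocol mappers emit. The following Python sketch is an added example, not part of the original thread or of Keycloak's code; the client IDs, claim names and token are constructed, and the per-client claim map is an assumption you would fill in from your own realm's mapper configuration.

```python
import base64
import json

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_payload(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    part = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def mapper_source(rpt: str, mapper_claims: dict) -> dict:
    """Compare the claims in an RPT with the claims each client's mappers emit.

    mapper_claims maps client_id -> set of claim names (assumption: taken
    from the protocol mapper configuration of each client in your realm).
    """
    claims = decode_payload(rpt)
    aud = claims.get("aud") or []
    audiences = [aud] if isinstance(aud, str) else list(aud)
    azp = claims.get("azp")
    found = {cid: sorted(names & set(claims)) for cid, names in mapper_claims.items()}
    missing = sorted({n for a in audiences
                      for n in mapper_claims.get(a, set()) - set(claims)})
    return {
        "azp": azp,
        "aud": audiences,
        "claims_from_azp_mappers": found.get(azp, []),
        "claims_from_aud_mappers": sorted({n for a in audiences for n in found.get(a, [])}),
        "aud_claims_missing": missing,
    }

# Constructed sample: an RPT shaped like the behaviour described in the thread,
# carrying the claim of the Authorized Party's mapper. All names are hypothetical.
SAMPLE_RPT = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"azp": "frontend-app", "aud": "resource-server",
             "department": "sales", "authorization": {"permissions": []}}),
    "constructed-signature-placeholder",
])
MAPPER_CLAIMS = {"frontend-app": {"department"}, "resource-server": {"tenant_id"}}

if __name__ == "__main__":
    print(json.dumps(mapper_source(SAMPLE_RPT, MAPPER_CLAIMS), indent=2))
```

A non-empty `aud_claims_missing` means the resource server is not receiving the claims its own mappers define, which matters when its authorization decisions depend on them.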

