[keycloak-user] Question about application of protocol mappers when requesting an RPT

Francisco José Bermejo Herrera francisco.bermejo.herrera at tecsisa.com
Fri Oct 5 04:23:17 EDT 2018


Hi Pedro,

Thanks for your quick reply. Here is the issue:
https://issues.jboss.org/browse/KEYCLOAK-8489

Regards,

Francisco Bermejo

On Thu, Oct 4, 2018 at 8:50 PM, Pedro Igor Silva (<psilva at redhat.com>)
wrote:

> Hi,
>
> Good catch, could you file a JIRA please?
>
> Regards.
> Pedro Igor
>
> On Thu, Oct 4, 2018 at 12:01 PM Francisco José Bermejo Herrera <
> francisco.bermejo.herrera at tecsisa.com> wrote:
>
>> Hello,
>>
>> Why are protocol mappers belonging to the token's Authorized Party (azp)
>> applied when requesting an RPT instead of those belonging to its Audience
>> (aud)?
>> For example, when a Token Exchange is performed, the mappers belonging to
>> the new Audience are applied, not the Authorized Party ones.
>>
>> Concretely, we have detected that this behavior is being enforced at this
>> line of code:
>> AuthorizationTokenService.java#L248
>> <https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da764337ff48/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java#L248>
>>
>> Is that correct? Shouldn't mappers belonging to the Audience be applied
>> instead?
>>
>> Thank you in advance!
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
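As an added example (not code from this thread or from Keycloak), the following script decodes an RPT, reports its azp and aud claims, and checks which client's mapper-added claims actually landed in the token, which is the quickest way to confirm the behaviour described above on a real deployment. The client ids, claim names and the sample token are constructed assumptions.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS. The signature is NOT
    checked here: this is an inspection helper, not an authorization step."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[1]))


def mapper_source_report(token: str, mapper_claims: dict) -> dict:
    """Report azp/aud of an RPT and which client's mapper claims it carries.

    mapper_claims maps a client id to the set of claim names that client's
    protocol mappers add (a constructed assumption about the deployment)."""
    claims = decode_jwt_claims(token)
    azp = claims.get("azp")
    aud = claims.get("aud", [])
    aud = aud if isinstance(aud, list) else [aud]
    present = {client: sorted(n for n in names if n in claims)
               for client, names in mapper_claims.items()}
    return {"azp": azp, "aud": aud, "azp_is_audience": azp in aud,
            "mapper_claims_present": present}


# Constructed sample: the RPT was requested by client "frontend" (azp) for
# resource server "backend" (aud). As the thread describes, only the azp
# client's mapper claim ("frontend_role") ended up in the token.
def build_sample_rpt() -> str:
    header = {"alg": "none", "typ": "JWT"}  # unsigned, for illustration only
    payload = {"azp": "frontend", "aud": ["backend"], "typ": "Bearer",
               "frontend_role": "viewer"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), ""])


MAPPER_CLAIMS = {"frontend": {"frontend_role"}, "backend": {"backend_scope"}}

if __name__ == "__main__":
    print(json.dumps(mapper_source_report(build_sample_rpt(), MAPPER_CLAIMS), indent=2))
```

Point the script at a real RPT obtained from the token endpoint to see whether the aud client's mapper claims are missing; decoding without signature verification is fine for inspection but must never replace verification in a resource server.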

