[keycloak-user] Client role scope param
Ulrik Lejon
ulrik.lejon at mollyware.se
Thu Sep 6 09:24:48 EDT 2018
Hi,
I'm having some issues understanding how to use the "Scope Param Required"
switch when creating a role on my client. I have created a new client in
the master realm, lets call it "master-client". Next I went to Clients >
Master-client -> Roles and added a role named "role-one". In the wizard
where I created the role I selected true on the switch "Scope Param
Required". After that I created a new user and added the role "role-one" to
that user.
When I look at the access token the user receives when logging in using the
javascript adapter I can not see "role-one" in the roles array in the
resource_access object. I get this: "resource_access": {}.
However, If I edit the role and select false on the switch "Scope Param
Required" I can see "role-one" in the JWT: "resource_access": {
"master-client": { "roles": [ "role-one" ] } }
What am I missing? I'm using Keycloak 3.1.0.FINAL and keycloak-js 3.4.3,
Cheers,
Ulrik
More information about the keycloak-user
mailing list