[keycloak-user] Client role scope param
Marek Posolda
mposolda at redhat.com
Thu Sep 6 15:29:29 EDT 2018
I suggest to migrate to latest 4.4.0. The "Scope Param Required" switch
is not here anymore and there is much better support for the "scope"
parameter.
Marek
On 06/09/18 15:36, Ulrik Lejon wrote:
> Hi,
>
> I'm having some issues understanding how to use the "Scope Param Required"
> switch when creating a role on my client. I have created a new client in
> the master realm, lets call it "master-client". Next I went to Clients >
> Master-client -> Roles and added a role named "role-one". In the wizard
> where I created the role I selected true on the switch "Scope Param
> Required". After that I created a new user and added the role "role-one" to
> that user.
>
> When I look at the access token the user receives when logging in using the
> javascript adapter I can not see "role-one" in the roles array in the
> resource_access object. I get this: "resource_access": {}.
> However, If I edit the role and select false on the switch "Scope Param
> Required" I can see "role-one" in the JWT: "resource_access": {
> "master-client": { "roles": [ "role-one" ] } }
>
> What am I missing? I'm using Keycloak 3.1.0.FINAL and keycloak-js 3.4.3,
> Cheers,
> Ulrik
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list