<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
javascript application itself always accept all authenticated
users, there is no authorization check of roles done in javascript
adapter inside browser after authentication. But after successful
authentication, your javascript app will receive accessToken and
this token will have only roles limited by scopes you configured.
Basically the roles in access token is intersection of:<br>
- roles, which user is assigned to<br>
- roles, configured by scope mapping of your application<br>
<br>
The access token can then be used for REST calls and authorization
of the token and granted roles is done by these rest calls.<br>
<br>
Marek<br>
<br>
On 8.12.2014 14:06, Carlos Feria wrote:<br>
</div>
<blockquote
cite="mid:CAAdSQ6g2bkRwj7u0z1qzUhMXzKP=5HHMWjt4nFeWF9++w8MKPg@mail.gmail.com"
type="cite">
<div dir="ltr"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px">Hi.
Sorry by the question but i have a problem that i can’t
solve. </span>
<div style="font-size:13px"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px"><br>
</span></div>
<div style="font-size:13px"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px">I’m
using “Pure Client Javascript Adapter” and a APPLICATION
WITH “</span><span
style="color:rgb(144,144,144);font-family:'Open
Sans',Helvetica,Arial,sans-serif;font-size:12px;font-weight:600;line-height:16.7999992370605px;text-align:right">Full
Scope Allowed</span><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px"> OFF,
and </span><span
style="color:rgb(144,144,144);font-family:'Open
Sans',Helvetica,Arial,sans-serif;font-size:12px;font-weight:600;line-height:16.7999992370605px">Assigned
Roles </span><span
style="display:inline-block;font-family:FontAwesome;line-height:1;color:rgb(144,144,144);font-size:12px"></span><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px">”. </span></div>
<div style="font-size:13px"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px"><br>
</span></div>
<div style="font-size:13px"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px">When
i do “<b>keycloak.init({ onLoad: ‘login-required’ })</b>” the
login page shows, but there accept all user accounts, I need
login just users with Assigned Roles on Scope”. Is there a
bug? how can i solve my problem? Thanks for all.</span></div>
<div style="font-size:13px"><span
style="color:rgb(85,85,85);font-family:Arial,Helvetica,sans-serif;font-size:14px;line-height:22px"><br>
</span></div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">Carlos E. Feria Vila<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>