----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 6 March, 2014 3:14:16 PM
Subject: Re: [keycloak-dev] discontinuing scope param
On 3/6/2014 10:01 AM, Stian Thorgersen wrote:
> For applications yes, this is just a "performance" optimization, and it
> would probably never be used.
>
> For clients it's important. Users may choose not to use an application if
> it requests too many permissions. In my previous example you may be happy
> with a gallery application viewing your pictures, but if it requests to
> edit your pictures as well and you're not happy with it, both you as a user
> and the developer of the application lose out.
>
> Have a look at http://www.youtube.com/watch?v=vFsxQHSSkRs it explains it
> all in 1 min
>
> It would also be cool if we added a way to mark parts of the scope as
> optional. For example in the above example the gallery app could say it
> requires to view the profile and view pictures, but only optionally edit
> pictures. On the grant page there could be a checkbox next to optional
> permissions that lets a user allow/disallow that specific permission.
>
I'm still removing what we currently have until a new param format is
decided on and implemented that fits in openid connect scope param
format constraints. This scope param support I'm removing isn't
documented anyways, so I doubt anybody has tried it out.

That's fine, I can create a JIRA issue to add support for it. I thought you were
proposing to remove it and never add it back ;)

Unless someone explicitly asks for it I think we're fine with leaving it until later.

BTW, I also wanted to add metadata to roles on whether it should be
displayed in a grant page or not.

That's a nice feature, but I can't come up with a use-case for it. Do you have one
in mind?

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com