We need a scope parameter. It's best practice for an app to ask for the minimum scope
possible, and that may vary not only on the client.
For example, a gallery application could initially only want a user's basic profile and
permissions to view pictures. Only if users choose to use the edit feature would it ask
for edit permissions.
It is also common that OAuth providers have this. For example, in the Google Cloud Console
you can configure what an application is allowed to ask for, but you are also required to
include a scope parameter. I don't think the scope parameter needs to be required, but
we should add support for it.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 6 March, 2014 1:51:47 PM
Subject: Re: [keycloak-dev] discontinuing scope param
Nah, just going to ignore the scope param. We'll just ignore what pure
openid connect clients send in the scope param.
On 3/6/2014 4:09 AM, Stian Thorgersen wrote:
> Are we adding (or have we already added) the OpenID Connect scope param?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Wednesday, 5 March, 2014 11:04:46 PM
>> Subject: [keycloak-dev] discontinuing scope param
>>
>> OpenID Connect has its own format for the scope param that interferes
>> with ours. I'm discontinuing our support for it. Scope param will just
>> be ignored now.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
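
The scope handling discussed in this thread (a per-client allowed set, an optional scope parameter, and a client that asks for more only when a feature needs it), sketched as an added example that is not from the thread or from Keycloak's code. The client id, the scope names and the ALLOWED/DEFAULT tables are assumptions made for illustration.

```python
# Constructed per-client configuration: what each client may ask for, and what
# it gets when it sends no scope parameter at all. All names are hypothetical.
ALLOWED = {"gallery": {"profile", "pictures:view", "pictures:edit"}}
DEFAULT = {"gallery": {"profile"}}


def resolve_scope(client_id, scope_param, already_consented=frozenset()):
    """Return (granted, needs_consent) for one authorization request.

    scope_param is the raw 'scope' value from the request, or None if omitted.
    """
    allowed = ALLOWED[client_id]
    if scope_param is None or not scope_param.strip():
        # Optional parameter: fall back to the client's pre-defined default.
        requested = set(DEFAULT[client_id])
    else:
        # OAuth 2.0 (RFC 6749, section 3.3): space-delimited, case-sensitive.
        requested = set(scope_param.split())
    rejected = requested - allowed
    if rejected:
        # Never grant beyond what the client was configured to ask for.
        raise ValueError("invalid_scope: " + " ".join(sorted(rejected)))
    # Only scopes the user has not approved yet need a consent prompt, so a
    # later request for edit rights prompts for that one scope alone.
    needs_consent = requested - set(already_consented)
    return requested, needs_consent


if __name__ == "__main__":
    # First login: view only. Later, the user opens the editor.
    print(resolve_scope("gallery", "profile pictures:view"))
    print(resolve_scope("gallery", "profile pictures:view pictures:edit",
                        already_consented={"profile", "pictures:view"}))
```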