----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 6 March, 2014 3:40:52 PM
Subject: Re: [keycloak-dev] discontinuing scope param
On 3/6/2014 10:24 AM, Stian Thorgersen wrote:
>>
>> BTW, I also wanted to add metadata to roles on whether it should be
>> displayed in a grant page or not.
>
> That's a nice feature, but I can't come up with a use-case for it. Do you
> have one in mind?
Same usecase as you mentioned earlier. To reduce amount of things the
client is asking permission to do on the grant page.
I assume it would be used for a way to have "implicit" permissions granted to a
client, but I couldn't think of anything that a client should be allowed to do without
requestion access
For example, you might have a composite role "Users" and only want to
show that role on the grant page, not its children. Right now, all
roles are showed.
What if a client has a scope on the children and not the composite? Would it display the
children then?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com