I don't think you've thought this through. Of course you would want scope on a client template.
Client Template allows scope for Service A, Service B, and Service C.
Client 1, Client 2, and Client 3 all need to access Service A, B, and C. You'd have to define scope in each client when it would be easier to define it in the client template.
On 12/17/2015 3:58 AM, Stian Thorgersen wrote:
Not sure we even need scope in client templates? Isn't it sufficient to
only have scope control on a per-client?
For example say there's 3 clients in a group of clients:
* service - user and admin roles
* user console
* admin console
You don't want the user console to have scope on the admin console just
because it's in the same group. Also, you don't want the service to have
any scope.
Can anyone come up with an example where scope on the client template
would be useful?
On 16 December 2015 at 14:22, Marek Posolda <mposolda@redhat.com
<mailto:mposolda@redhat.com>> wrote:
On 15/12/15 18:34, Bill Burke wrote:
> So, what to do about scope and client templates? Client templates could
> have "full scope allowed" or define a scope. A client would either
> click "full scope allowed" or it can add additional scoped roles.
>
> Sound ok?
>
yes to me. I suppose each client will still automatically receives his
own client roles to the scope like it's now.
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev