On 11/19/2019 5:34 AM, Stian Thorgersen wrote:
Added a PR with new account-console client here:
https://github.com/keycloak/keycloak/pull/6501
All roles and permissions are still associated with "account" client
as that is what represents the Account REST API. So the only thing
that is needed is to create a new account-console public client with
the correct scope/audience and update index.ftl to use account-console
client. Ignoring the migration code and tests it is a pretty simple
change.
That's great. Can you enlighten us on how this actually works? I take
it the magic happens in AudenceResolveProtocolMapper? I'm not clear on
what is going on there.
On Mon, 18 Nov 2019 at 20:42, Stan Silvert <ssilvert(a)redhat.com
<mailto:ssilvert@redhat.com>> wrote:
On 11/18/2019 8:23 AM, Stan Silvert wrote:
> Also remember, that we still have option #2, which requires only a
> documentation note. That is:
> 2) Document that "tech preview" users should go to Client ->
account.
> Then change the Access Type to "public".
>
> If you want, I can implement option #1 and just do a PR with the
change
> of "account" client to "public". Then we can see if that
breaks
> anything. That would at least tell us a little more. Then we
can make
> a final decision on what to do.
>
> But I don't want to wait very long for a decision. We need to
get this
> nailed down so we can finish new account console in time for
tech preview.
>
I went ahead and implemented #1. All tests pass.
https://github.com/keycloak/keycloak/pull/6500
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev