I'm not convinced about that approach. We'll end up having to test and
maintain this in the long run.
How about a staged approach instead:
* Keycloak 2.1 & RH-SSO 7.0.1 - add scope=openid, also add mention in
release not and migration guide that the ID token will soon not be included
* Keycloak 2.3 & RH-SSO 7.1 - stop sending ID token if scope is not included
On 30 June 2016 at 16:00, Marek Posolda <mposolda(a)redhat.com> wrote:
I am thinking whether to add configuration switch in admin console
client, where you can define what is the adapter version the particular
client is using. In that case, some behaviour can be different/backwards
Example: For new clients, we will include IDToken just if they use
"scope=openid" . However for clients with adapter "1.9" or older,
IDToken will be included even if "scope=openid" is not used.
keycloak-dev mailing list