----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 1 April, 2015 4:32:25 PM
Subject: Re: [keycloak-dev] Release status
On 4/1/2015 10:29 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-dev(a)lists.jboss.org
>> Sent: Wednesday, 1 April, 2015 4:22:42 PM
>> Subject: Re: [keycloak-dev] Release status
>>
>> No, I don't. I"ll look into it after I finish this one thing.
>>
>> Probably should be implemented differently anyways. Token exchange
>> service should be an application with a role that can be assigned to
>> user or applied via a protocol mapper.
>
> Yes, token exchange service as app and role sounds much better. That would
> let you control what users (role-mapping) and apps (scope) that are
> allowed to access it. Would also work with existing grant features if an
> "oauth client" request access. Shame we don't have time to change it
now,
> as it'll probably be a bit of work?!
>
Can't be done by tomorrow. Should I just disable the identity provider
tab until we do this? Or are users asking for access to external tokens?
+1 Let's just disable
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com