I think in practice it makes sense. The bearer-only should not be shown in
clients list as it's just about roles. The admin console should have
redirect-uris for the admin console, but not have direct grant enabled.
Finally the admin cli should only have direct grant enabled. That way they
can be configured independently. As they are separate things and this is
how we recommend others to organize their clients then we should do the
same.
On 7 December 2015 at 16:36, Bill Burke <bburke(a)redhat.com> wrote:
Sorry, makes sense now after reading your exchange. In practice though,
does it matter to have this split? Is it not better to consolidate into
one client?
On 12/7/2015 3:48 AM, Marek Posolda wrote:
> +1. That's what we have now and it's good pattern IMO.
>
> Marek
>
> On 07/12/15 09:38, Stian Thorgersen wrote:
>
>> Should we not have one client for the roles that represents the
>> services (bearer-only), then have separate clients for admin GUI and
>> CLI?
>>
>> On 7 December 2015 at 09:34, Marek Posolda <mposolda(a)redhat.com> wrote:
>>
>> On 03/12/15 20:06, Bill Burke wrote:
>> > * We can remove the realm-management client in each realm and just merge
>> > the roles into security-admin-console.
>> Not sure about this one TBH. Also in 1.7 we introduced the "admin-cli"
>> client, which is used for direct-grants and has scope to
>> realm-management similarly like security-admin-console. The
>> security-admin-console is used for UI of admin console (javascript
>> client) when admin-cli is used for direct access to admin REST endpoints
>> for example from admin-client.
>>
>> Marek
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
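
The client split described in the top reply of this thread (bearer-only role holder, admin console with redirect URIs and no direct grant, admin CLI with direct grant only), written as an audit over a realm export. This is an added example, not part of the original thread or of Keycloak's code; the JSON field names follow Keycloak's ClientRepresentation and are an assumption for the version in use, and the sample export, including its URIs, is constructed.

```python
import json

# Constructed sample realm export fragment (not from the thread). Field names
# follow Keycloak's ClientRepresentation; treat them as an assumption for
# your version. admin-cli is deliberately misconfigured with a redirect URI.
REALM_EXPORT = json.loads("""
{"clients": [
  {"clientId": "realm-management", "bearerOnly": true},
  {"clientId": "security-admin-console", "publicClient": true,
   "redirectUris": ["/auth/admin/master/console/*"],
   "directAccessGrantsEnabled": false},
  {"clientId": "admin-cli", "publicClient": true,
   "redirectUris": ["/cli-callback"], "directAccessGrantsEnabled": true}
]}
""")

def _bearer(c): return c.get("bearerOnly") is True
def _redirects(c): return bool(c.get("redirectUris"))
def _direct(c): return c.get("directAccessGrantsEnabled") is True

# Expected (bearer-only, has redirect URIs, direct grant) per client,
# as laid out in the thread. Absent fields are read as false/empty.
EXPECTED = {
    "realm-management":       (True,  False, False),
    "security-admin-console": (False, True,  False),
    "admin-cli":              (False, False, True),
}
LABELS = ("bearerOnly", "redirectUris present", "directAccessGrantsEnabled")

def audit_clients(realm):
    """Return (clientId, finding) tuples where a client deviates."""
    clients = {c.get("clientId"): c for c in realm.get("clients", [])}
    findings = []
    for client_id, expected in EXPECTED.items():
        client = clients.get(client_id)
        if client is None:
            findings.append((client_id, "client missing"))
            continue
        actual = (_bearer(client), _redirects(client), _direct(client))
        for label, want, got in zip(LABELS, expected, actual):
            if want != got:
                findings.append((client_id, f"{label}: expected {want}, got {got}"))
    return findings

if __name__ == "__main__":
    for client_id, finding in audit_clients(REALM_EXPORT):
        print(f"{client_id}: {finding}")
```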