On 7/29/2014 1:33 PM, Stan Silvert wrote:
On 7/29/2014 1:08 PM, Bill Burke wrote:
> I've been looking for a good way to explain scope. It is the roles an
> application or oauth client is allowed to ask for.
>
> A user could have the "admin", "buyer" and "seller" roles, but an
> application with the scope of { "buyer" and "seller" } would only get a
> token that contained the "buyer" and "seller" role mappings for that
> user. Does that make sense at all?
>
> It's an extra security measure to limit the privileges
Yes, that makes sense. I think your sentence, "The roles an application
or oauth client is allowed to ask for." should appear in a smaller font
right after the heading "Scope Mappings".
Also, put your example in the doc.
If nothing is assigned in Scope Mappings, then the user just gets all the
roles assigned in Users --> username --> Role Mappings, right?
This is for token creation. If no scope is defined (right now), then
the token only gets populated for user role mappings of roles that are
defined in the application. I want to change it so that if no scope is
defined, then all role mappings would populate the token.
Maybe a switch "All user's roles" -> ON/OFF
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
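The following is an added illustration, not code from the thread or from Keycloak itself: a small model of how a scope mapping filters the roles placed in a token, covering the three cases discussed above (a scope is assigned; no scope and the current behaviour of including only roles defined in the application; no scope with the proposed "All user's roles" switch). The function name, the sample users and the role sets are constructed assumptions for illustration only.

```python
# Added example (not from the mailing-list thread or the Keycloak code base):
# a model of how a scope mapping restricts the role mappings that end up in a
# token. All names and data here are assumptions for illustration only.

# Constructed sample data: realm users and their role mappings
# (Users --> username --> Role Mappings in the admin console).
USER_ROLE_MAPPINGS = {
    "alice": {"admin", "buyer", "seller"},
    "bob": {"buyer"},
}

# Constructed sample data: the roles the application itself defines.
APPLICATION_ROLES = {"buyer", "seller"}


def token_roles(user, scope=None, application_roles=APPLICATION_ROLES,
                all_user_roles=False):
    """Return the role mappings that would be placed in the user's token.

    scope             -- roles the application / oauth client is allowed to
                         ask for, or None when no scope mapping is assigned
    application_roles -- roles defined by the application
    all_user_roles    -- models the proposed "All user's roles" switch: when
                         no scope is defined, put every role the user holds
                         into the token instead of only the application's roles
    """
    user_roles = USER_ROLE_MAPPINGS.get(user, set())

    if scope is not None:
        # A scope never grants roles the user does not already have; it only
        # limits which of the user's roles the client is allowed to receive.
        return user_roles & set(scope)

    if all_user_roles:
        # Proposed behaviour: no scope means all of the user's role mappings.
        return set(user_roles)

    # Current behaviour described in the thread: with no scope, only the
    # user's mappings for roles defined in the application are included.
    return user_roles & application_roles


if __name__ == "__main__":
    # alice holds admin/buyer/seller; a client scoped to buyer+seller
    # receives only those two, regardless of her admin role.
    print(sorted(token_roles("alice", scope={"buyer", "seller"})))
    print(sorted(token_roles("alice")))
    print(sorted(token_roles("alice", all_user_roles=True)))
```

The scope case is the security measure Bill describes: a client can never escalate beyond what the user already holds, and the scope trims that set further. The two no-scope branches show the difference between today's behaviour and the proposed switch.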