8:46 a.m.
Scope parameter would reference client scopes. For example scope
parameter "openid email profile offline_access" will reference client
scopes "email", "profile" and "offline_access" (openid is
jsut generic
OpenID Connect marker). And each client scope is set of protocolMappers
and/or Role scope mappings.
Marek
On 15/03/18 12:39, Pedro Igor Silva wrote:
How a scope looks like now after your changes ? Are they just strings
referencing a set of one or more roles ? Or they are still roles ?
On Wed, Mar 14, 2018 at 5:03 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
That's good question. As you know, we also have "Scope" tab (used to
specify scope role mappings of client) and "Authorization scope",
which
is used when Authorization is enabled :)
Marek
On 14/03/18 14:37, Schuster Sebastian (INST/ESY1) wrote:
> Hi,
>
> I saw there are activities to replace client templates with
client scopes. UMA 2.0 uses the term “client scope” to determine
what the OAuth client wants to do with the granted access (e.g.
this could be used to determine the purpose of processing some
data for GDPR compliance). Since Keycloak will also support UMA
2.0, I am a little concerned this might lead to some confusion. As
you know, there are only two hard problems in computer science:
cache invalidation, naming things, and off-by-one errors. ☺ WDYT?
>
> Best regards,
> Sebastian
>
> Mit freundlichen Grüßen / Best regards
>
> Dr.-Ing. Sebastian Schuster
>
> Engineering and Support (INST/ESY1)
> Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109
Berlin | GERMANY | www.bosch-si.com
<http://www.bosch-si.com><http://www.bosch-si.com
<http://www.bosch-si.com>>
> Tel. +49 30 726112-485 <tel:%2B49%2030%20726112-485> | Fax +49
30 726112-100 <tel:%2B49%2030%20726112-100> |
Sebastian.Schuster(a)bosch-si.com
<mailto:Sebastian.Schuster@bosch-si.com><mailto:Sebastian.Schuster@bosch-si.com
<mailto:Sebastian.Schuster@bosch-si.com>>
>
> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB
148411 B
> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke;
Geschäftsführung: Dr. Stefan Ferber, Michael Hahn
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
<https://lists.jboss.org/mailman/listinfo/keycloak-dev>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<https://lists.jboss.org/mailman/listinfo/keycloak-dev>