On 05/11/15 14:43, Paul Wolf wrote:

Hi guys,

I am currently evaluating Keycloak and so far I have only two complaints:
1. The implicit flow is not supported, but I already found a Jira issue for that. How realistic is it that the feature comes with 1.7CR1?

It's planned and very realistic that it really happens :-)

2. When the client consent is needed for an application, which uses the password grant flow, the flow fails all the time... Even if the consent has been given. This seems an easy to fix bug. Will you fix that? Should I write a fix and make a pull request?

+1

makes sense to me to let the password grant flow happen if consent has been already given. Feel free to create JIRA and PR will be even better. Current checking of consent is done in AuthenticationManager.actionRequired method. I hope you can extract the consent checking to separate method and reuse it.

Marek

Otherwise good stuff so far :)

Best regards,
Paul

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev