Possible related question is, if bearer-only applications need scopes
and claims? Should we hide "Scopes" and "Claims" tabs in admin console
when editing bearer-only application?
On 12.9.2014 14:51, Bill Burke wrote:
Negative. Bearer-only applications can receive revocation policies.
i.e. "don't accept tokens before this date". In the future we may want
to push things like allowed CORS origins, IP blacklists, user
blacklists, etc. There's also stats we may want to gather from the
On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
> I propose we remove the "Admin URL" field for bearer-only applications. As
a bearer-only application doesn't manage any user sessions there's not much point
in propagating logouts to those.
> keycloak-dev mailing list