Why not just do a window.reload(), which will redirect to login screen and get a new token
with the new roles?
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 23 May, 2014 3:46:08 PM
Subject: [keycloak-dev] FYI: can't use token to auth admin console
Too much kid stuff lately! Sorry I haven't been productive past 2
days...But...
FYI: We can't use role mapping information in access token to authorize
admin console access. This is because users may be creating new realms
which will update their role mappings on the fly with the new admin
roles created for that new realm.
What will happen is that the client id will be extracted from token and
authorization based on client scope and user role mappings will be done
dynamically.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev