Replied to list as well.
On 25.07.2019 19:43, Gregor Tudan wrote:
I like the idea. If I understood you right, you're proposing to
request a new token after selecting a realm from the list in the admin console to edit
this specific realm (maybe by the scope param)?
We would still need to come up with a different solution for finding out which realm the
user is allowed to edit. That seems to be the main purpose of whoami right now.
Yes, that is what I am proposing. In our application we thought about
using scopes like: `account:123`.
For the list of accounts there should be another API that will list all
of the realms the current user has access to.
I'm pretty sure the server side implementation should be simple.
So the Admin WebApp will probably need some work and be prepared like this:
- user authenticates (in a realm or in master?!)
- Admin WebApp calls the list-accessible-realms API
- Admin WebApp displays the list of accessible realms
- User selects an account to manage
- Admin WebApp gets a token for that realm and uses it for the calls
You could look at it as two web applications:
The realm selector and the realm manager. In this case the realm id (and
the token to access it) is internal state for the realm manager application.
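
The flow outlined above, sketched as an added example that is not part of the original message and is not Keycloak code: a realm selector lists the realms a user may manage, a token is issued for exactly one of them, and the realm manager API rejects that token for any other realm. All function names, the `realm:<id>` scope form (modelled on the `account:123` idea), the signing key and the grant table are assumptions constructed for illustration.

```javascript
// Added illustration; every name and value here is hypothetical/constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SIGNING_KEY = 'constructed-demo-key'; // constructed; not a real secret
const GRANTS = new Map([                    // constructed sample data
  ['alice', ['realm-a', 'realm-b']],
  ['bob', ['realm-b']],
]);

const sign = (payload) =>
  createHmac('sha256', SIGNING_KEY).update(payload).digest('base64url');

// Realm selector: which realms may this user manage?
function listAccessibleRealms(user) {
  return [...(GRANTS.get(user) ?? [])];
}

// Token endpoint: issue a short-lived token whose scope names exactly one realm.
function issueRealmToken(user, realm, now = Date.now()) {
  if (!listAccessibleRealms(user).includes(realm)) {
    throw new Error(`${user} may not manage ${realm}`);
  }
  const claims = { sub: user, scope: `realm:${realm}`, exp: now + 5 * 60 * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Realm manager API: accept the call only if the token is authentic,
// unexpired, and scoped to the realm named in the request.
function authorizeRealmCall(token, requestedRealm, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return false;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return false; // forged or modified token
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > now && claims.scope === `realm:${requestedRealm}`;
}
```

Note that a token issued to a user for one realm is refused for another realm even when the user has access to both, which is what makes the realm id internal state of the realm manager.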