11:25 a.m.
I propose we remove the "Admin URL" field for bearer-only applications. As a
bearer-only application doesn't manage any user sessions there's not much point in
propagating logouts to those.
11:53 a.m.
Ignore that - admin-url is also used to propagate notBefore
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Friday, 12 September, 2014 11:25:31 AM
Subject: [keycloak-dev] Remove admin-url for bearer-only applications
I propose we remove the "Admin URL" field for bearer-only applications. As a
bearer-only application doesn't manage any user sessions there's not much
point in propagating logouts to those.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:51 p.m.
Negative. Bearer-only applications can receive revocation policies.
i.e. "don't accept tokens before this date". In the future we may want
to push things like allowed CORS origins, IP blacklists, user
blacklists, etc. There's also stats we may want to gather from the
applications.
On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
I propose we remove the "Admin URL" field for bearer-only
applications. As a bearer-only application doesn't manage any user sessions
there's not much point in propagating logouts to those.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
5:43 p.m.
Possible related question is, if bearer-only applications need scopes
and claims? Should we hide "Scopes" and "Claims" tabs in admin console
when editing bearer-only application?
On 12.9.2014 14:51, Bill Burke wrote:
Negative. Bearer-only applications can receive revocation policies.
i.e. "don't accept tokens before this date". In the future we may want
to push things like allowed CORS origins, IP blacklists, user
blacklists, etc. There's also stats we may want to gather from the
applications.
On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
> I propose we remove the "Admin URL" field for bearer-only applications. As
a bearer-only application doesn't manage any user sessions there's not much point
in propagating logouts to those.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
5:51 p.m.
Yes, we should hide scopes and claims. Good catch.
On 9/12/2014 11:43 AM, Marek Posolda wrote:
Possible related question is, if bearer-only applications need
scopes
and claims? Should we hide "Scopes" and "Claims" tabs in admin
console
when editing bearer-only application?
On 12.9.2014 14:51, Bill Burke wrote:
> Negative. Bearer-only applications can receive revocation policies.
> i.e. "don't accept tokens before this date". In the future we may
want
> to push things like allowed CORS origins, IP blacklists, user
> blacklists, etc. There's also stats we may want to gather from the
> applications.
>
> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>> I propose we remove the "Admin URL" field for bearer-only
>> applications. As a bearer-only application doesn't manage any user
>> sessions there's not much point in propagating logouts to those.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
5:59 p.m.
Thanks, I will do that.
Marek
On 12.9.2014 17:51, Bill Burke wrote:
Yes, we should hide scopes and claims. Good catch.
On 9/12/2014 11:43 AM, Marek Posolda wrote:
> Possible related question is, if bearer-only applications need scopes
> and claims? Should we hide "Scopes" and "Claims" tabs in admin
console
> when editing bearer-only application?
>
>
> On 12.9.2014 14:51, Bill Burke wrote:
>> Negative. Bearer-only applications can receive revocation policies.
>> i.e. "don't accept tokens before this date". In the future we may
want
>> to push things like allowed CORS origins, IP blacklists, user
>> blacklists, etc. There's also stats we may want to gather from the
>> applications.
>>
>> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>>> I propose we remove the "Admin URL" field for bearer-only
>>> applications. As a bearer-only application doesn't manage any user
>>> sessions there's not much point in propagating logouts to those.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>
3507
days inactive
3507
days old
5 comments
3 participants
participants (3)
-
Bill Burke -
Marek Posolda -
Stian Thorgersen