Yes, we should hide scopes and claims. Good catch.
On 9/12/2014 11:43 AM, Marek Posolda wrote:
> Possible related question is, if bearer-only applications need scopes
> and claims? Should we hide "Scopes" and "Claims" tabs in admin
> when editing bearer-only application?
> On 12.9.2014 14:51, Bill Burke wrote:
>> Negative. Bearer-only applications can receive revocation policies.
>> i.e. "don't accept tokens before this date". In the future we may
>> to push things like allowed CORS origins, IP blacklists, user
>> blacklists, etc. There's also stats we may want to gather from the
>> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>>> I propose we remove the "Admin URL" field for bearer-only
>>> applications. As a bearer-only application doesn't manage any user
>>> sessions there's not much point in propagating logouts to those.
>>> keycloak-dev mailing list