On Tue, Sep 04, 2018 at 03:29:20PM +0200, Stian Thorgersen wrote:
> As scopes are often used for permissions in the applications themselves it
> would be useful to have a mechanism to grant a user access to a scope.
>
> For example if you have the scopes "photos:view" and "photos:edit" you
> would like only users that are permitted to use the photos application to
> be able to get those scopes in the token.
>
> One simple way of doing this would be to have an optional required role
> associated with a client scope. Then we can simply apply the client scopes
> for which the user has the required role.

+1
Something like this is definitely needed and useful in Keycloak.
I guess this is:
https://issues.jboss.org/browse/KEYCLOAK-8175
-- Pasi
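
The role-gated scope selection proposed in this thread, as an added example that is not part of either message and is not Keycloak code. The `ClientScope` class, the `filter_scopes` function and the role names `photos-user` and `photos-editor` are hypothetical; only the scope names come from the thread.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ClientScope:
    name: str
    # Optional gate: None means any authenticated user may receive the scope.
    required_role: Optional[str] = None


# Constructed sample configuration (role names are assumptions).
CLIENT_SCOPES: Dict[str, ClientScope] = {
    s.name: s
    for s in (
        ClientScope("profile"),
        ClientScope("photos:view", required_role="photos-user"),
        ClientScope("photos:edit", required_role="photos-editor"),
    )
}


def filter_scopes(
    requested: str,
    user_roles: Set[str],
    client_scopes: Dict[str, ClientScope] = CLIENT_SCOPES,
) -> Tuple[str, List[str]]:
    """Return (scope string for the token, scopes withheld from it).

    `requested` is the space-delimited OAuth 2.0 `scope` parameter.
    A scope is granted only if it is configured for the client and the
    user holds its required role, when one is set. Unknown scopes are
    withheld rather than passed through (fail closed).
    """
    granted: List[str] = []
    denied: List[str] = []
    for name in requested.split():
        if name in granted or name in denied:
            continue  # ignore duplicates in the request
        scope = client_scopes.get(name)
        allowed = scope is not None and (
            scope.required_role is None or scope.required_role in user_roles
        )
        (granted if allowed else denied).append(name)
    return " ".join(granted), denied


if __name__ == "__main__":
    print(filter_scopes("profile photos:view photos:edit", {"photos-user"}))
```

The withheld list is returned so the caller can log which requested scopes were dropped and for which user.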