Yes, MANAGE_ACCOUNT should be able to do everything, including manage
consent.
On Fri, 8 Nov 2019 at 21:44, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good afternoon,
For the applications page, in the new account console, we have the
requirement to revoke the consents granted for third-party apps.
We already have an endpoint in the AccountRestService[1] for it:
```
@Path("/applications/{clientId}/consent")
@DELETE
public Response revokeConsent(final @PathParam("clientId") String clientId) {
    checkAccountApiEnabled();
    // Caller must hold the manage-consent role on the `account` client; otherwise 403
    auth.requireOneOf(AccountRoles.MANAGE_CONSENT);
    ....
}
```
That's exactly what we need, although the REST calls will return HTTP
403 because there's no such role as MANAGE_CONSENT for the `account`
client.
I'd like to change the endpoint, so that the `account` client would be
able to revoke consents. Something like:
```
@Path("/applications/{clientId}/consent")
@DELETE
public Response revokeConsent(final @PathParam("clientId") String clientId) {
    checkAccountApiEnabled();
    // Pass if the caller holds either role: manage-consent, or the broader manage-account
    auth.requireOneOf(AccountRoles.MANAGE_CONSENT, AccountRoles.MANAGE_ACCOUNT);
    ....
}
```
Does it make sense?
[1] -
https://github.com/keycloak/keycloak/blob/041229f9ca393d9bf7a92cabcf1e8b4...
--
- abstractj
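To make the 403 in Bruno's message concrete, here is an added Python model of the role check (illustration only; this is not Keycloak code and not from anyone in the thread). It reads the `account` client roles from the token's `resource_access` claim, which is where a practitioner would look when debugging this, and applies `requireOneOf` semantics both for the current endpoint (MANAGE_CONSENT only) and for the proposed one (MANAGE_CONSENT or MANAGE_ACCOUNT). The role strings mirror the constants in `org.keycloak.models.AccountRoles`; the token payload and the helper names (`require_one_of`, `revoke_consent_allowed`, `make_token`) are constructed for the example.

```python
"""Model of the account REST role check behind the 403 discussed above.

Added illustration, not Keycloak code. Keycloak access tokens carry client
roles under "resource_access.<clientId>.roles"; the account REST service
checks the caller's roles for the "account" client. The helper names and the
token payload are constructed for this example.
"""
import base64
import json

# Role names as in org.keycloak.models.AccountRoles
MANAGE_ACCOUNT = "manage-account"
MANAGE_CONSENT = "manage-consent"
VIEW_PROFILE = "view-profile"


class Forbidden(Exception):
    """Stands in for the HTTP 403 the endpoint returns."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def account_roles(access_token: str) -> set:
    """Return the roles the token grants on the `account` client.

    Only the payload is decoded here; signature verification is assumed to
    have happened already (inside Keycloak it does, before any role check).
    """
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    client_roles = payload.get("resource_access", {}).get("account", {})
    return set(client_roles.get("roles", []))


def require_one_of(token_roles: set, *required: str) -> None:
    """auth.requireOneOf semantics: pass if the caller holds ANY required role."""
    if not token_roles.intersection(required):
        raise Forbidden(
            f"needs one of {sorted(required)}, token has {sorted(token_roles)}"
        )


def revoke_consent_allowed(access_token: str, accept_manage_account: bool) -> bool:
    """True if the check on DELETE .../applications/{clientId}/consent passes.

    accept_manage_account=False models the current endpoint (MANAGE_CONSENT only);
    True models the proposed change (MANAGE_CONSENT or MANAGE_ACCOUNT).
    """
    if accept_manage_account:
        required = (MANAGE_CONSENT, MANAGE_ACCOUNT)
    else:
        required = (MANAGE_CONSENT,)
    try:
        require_one_of(account_roles(access_token), *required)
    except Forbidden:
        return False
    return True


def make_token(roles: list) -> str:
    """Constructed test token: real header/payload layout, placeholder signature.

    This is input for the model above, not a token a server would accept.
    """
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"sub": "alice", "resource_access": {"account": {"roles": roles}}}

    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    return f"{enc(header)}.{enc(payload)}.sig"


# Constructed token for a typical account-console user: manage-account and
# view-profile, but no manage-consent role, which is the scenario in the thread.
TYPICAL_TOKEN = make_token([MANAGE_ACCOUNT, VIEW_PROFILE])

if __name__ == "__main__":
    print("account roles:", sorted(account_roles(TYPICAL_TOKEN)))
    print("current endpoint allows revoke:", revoke_consent_allowed(TYPICAL_TOKEN, False))
    print("proposed endpoint allows revoke:", revoke_consent_allowed(TYPICAL_TOKEN, True))
```

Running it against the constructed token shows the current check failing (the token has no manage-consent role, so the intersection is empty and the model raises the 403 stand-in) and the proposed check passing on manage-account. The same decoding step is what to do with a real access token when an account-console call returns 403: inspect `resource_access.account.roles` and compare it with the roles the endpoint requires.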
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev