Good afternoon,
For the applications page, in the new account console, we have the
requirement to revoke the consents granted for third-party apps.
We already have an endpoint in the AccountRestService[1] for it:
```
@Path("/applications/{clientId}/consent")
@DELETE
public Response revokeConsent(final @PathParam("clientId") String clientId) {
    checkAccountApiEnabled();
    auth.requireOneOf(AccountRoles.MANAGE_CONSENT);
    ....
}
```
That's exactly what we need, although the REST calls will return HTTP
403 because there's no such role as MANAGE_CONSENT for the `account`
client.
I'd like to change the endpoint, so that the `account` client would be
able to revoke consents. Something like:
```
@Path("/applications/{clientId}/consent")
@DELETE
public Response revokeConsent(final @PathParam("clientId") String clientId) {
    checkAccountApiEnabled();
    // Accept either role, so a caller holding only MANAGE_ACCOUNT is no longer rejected
    auth.requireOneOf(AccountRoles.MANAGE_CONSENT, AccountRoles.MANAGE_ACCOUNT);
    ....
}
```
Does it make sense?
[1] - https://github.com/keycloak/keycloak/blob/041229f9ca393d9bf7a92cabcf1e8b4...
--
- abstractj
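
The any-of role check discussed in the message above, modelled as an added example that is not part of the original message and is not Keycloak's code. The class, the `allowed` helper, the role-name strings and the three role sets are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class ConsentRoleCheckDemo {
    // Assumed string values for the AccountRoles constants named in the message.
    static final String MANAGE_CONSENT = "manage-consent";
    static final String MANAGE_ACCOUNT = "manage-account";

    // Hypothetical stand-in for an any-of check: true if the token
    // holds at least one of the accepted roles, false (HTTP 403) otherwise.
    static boolean allowed(Set<String> tokenRoles, String... acceptedRoles) {
        for (String role : acceptedRoles) {
            if (tokenRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    static String outcome(boolean ok) {
        return ok ? "allowed" : "403";
    }

    public static void main(String[] args) {
        // Constructed role sets, not taken from a real realm.
        List<Set<String>> tokens = List.of(
            Set.of("manage-account", "view-profile"), // e.g. a token without manage-consent
            Set.of("manage-consent"),
            Set.of("view-profile"));

        for (Set<String> roles : tokens) {
            // Check as it stands in the first snippet: MANAGE_CONSENT only.
            boolean current = allowed(roles, MANAGE_CONSENT);
            // Check as proposed in the second snippet: either role is enough.
            boolean proposed = allowed(roles, MANAGE_CONSENT, MANAGE_ACCOUNT);
            System.out.printf("%-34s current=%-8s proposed=%s%n",
                new TreeSet<>(roles), outcome(current), outcome(proposed));
        }
    }
}
```

Only the first role set changes outcome between the two checks: with the proposed list, every token that carries the manage-account role passes the consent-revocation check, while a token holding neither role is still rejected.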