On 17 December 2015 at 14:39, Bill Burke <bburke(a)redhat.com> wrote:
I don't think you've thought this through. Of course you
would want scope
on a client template.
Client Template allows scope for Service A, Service B, and Service C.
Client 1, Client 2, and Client 3 all need to access Service A, B, and C.
You'd have to define scope in each client when it would be easier to define
it in the client template.
I have thought it through - I just think that it's a lot more likely that
Client 1 will invoke Service A, Client 2 will invoke Service B. Even if all
clients invoke all services they will not have the same scope, but
different scope.
On 12/17/2015 3:58 AM, Stian Thorgersen wrote:
> Not sure we even need scope in client templates? Isn't it sufficient to
> only have scope control on a per-client?
>
> For example say there's 3 clients in a group of clients:
> * service - user and admin roles
> * user console
> * admin console
>
> You don't want the user console to have scope on the admin console just
> because it's in the same group. Also, you don't want the service to have
> any scope.
>
> Can anyone come up with an example where scope on the client template
> would be useful?
>
> On 16 December 2015 at 14:22, Marek Posolda <mposolda(a)redhat.com
> <mailto:mposolda@redhat.com>> wrote:
>
> On 15/12/15 18:34, Bill Burke wrote:
> > So, what to do about scope and client templates? Client templates
> could
> > have "full scope allowed" or define a scope. A client would
either
> > click "full scope allowed" or it can add additional scoped roles.
> >
> > Sound ok?
> >
> yes to me. I suppose each client will still automatically receives his
> own client roles to the scope like it's now.
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com