Should we add support for the scope param to 1.0.beta4? It can be done as part of the access code work. To make it OAuth2 friendly I propose we use the following format: ?scope=realm-role1 realm-role2 app/app-role1 app2/app-role2 Basically a "list of space-delimited, case-sensitive strings" as specified in the spec, where each string is either "<realm role name>" or "<app name>/<app role name>" _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Are you talking about http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims or something else? ----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Friday, 18 July, 2014 4:50:29 PM > Subject: Re: [keycloak-dev] Scope param > > If you're going to do this, please review OpenID Connect Scope settings. > > On 7/18/2014 7:23 AM, Stian Thorgersen wrote: >> Should we add support for the scope param to 1.0.beta4? It can be done as >> part of the access code work. >> >> To make it OAuth2 friendly I propose we use the following format: >> >> ?scope=realm-role1 realm-role2 app/app-role1 app2/app-role2 >> >> Basically a "list of space-delimited, case-sensitive strings" as specified >> in the spec, where each string is either "<realm role name>" or "<app >> name>/<app role name>" >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >