On 8/20/2015 3:18 AM, Stian Thorgersen wrote:
> +1 We should just update the access token with new details and roles.
> Not sure if this is really an issue, but would there be a case where an application
> caches the claims in the token? I don't think there is, but if we do update the token
> we should make it 100% clear in the docs that this will happen.
The problem is consent. If a client requires consent, you can't add new
details to the token without that consent. Looks like we don't check
for that, we should.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com