On 1/29/2014 9:56 AM, Nils Preusker wrote:
> Hi Bill,
>
> maybe you can elaborate a bit on why you think 4.3 (Resource Owner
> Password Grant) is a potential security hole.
>
Keycloak has the concept of "scope". Scope is the roles that a client
is allowed to request for. For instance, a user may have "admin"
privileges, but you may not want to grant a token with admin privileges
to a specific client.
> Your assumption - that we want to control our own login screen - is
> correct.
>
We're adding style sheets and pluggable themes, maybe that could push
you to move to a Keycloak hosted login screen? I don't know.
> About your security concern, it is possible to just add fields (like a
> client id) to 4.3. As far as I'm aware, Salesforce does this with the
> "client_id" and "client_secret" parameters for API access to
> salesforce.com <http://salesforce.com>.
>
Yes, that's what I'm planning to do.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
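
A simplified model of the scope restriction described in the reply above, combined with the client_id/client_secret authentication discussed for the 4.3 grant. This is an added example, not Keycloak code or part of the original message; the user and client tables, their values, and the `password_grant` function are constructed for illustration.

```python
import hmac

# Constructed sample data. Plaintext secrets keep the example short;
# a real server stores salted password hashes.
USERS = {
    "alice": {"password": "correct horse", "roles": {"admin", "user"}},
}
CLIENTS = {
    # "scope" is the set of roles this client may ever receive in a token.
    "mobile-app": {"secret": "s3cr3t-mobile", "scope": {"user"}},
    "admin-console": {"secret": "s3cr3t-admin", "scope": {"admin", "user"}},
}


class GrantError(Exception):
    """Carries an RFC 6749 error code when the grant is refused."""


def _same(a, b):
    # Constant-time comparison to avoid leaking secrets through timing.
    return hmac.compare_digest(a.encode(), b.encode())


def password_grant(client_id, client_secret, username, password):
    """Return the roles to place in a token for this client and user."""
    client = CLIENTS.get(client_id)
    # Authenticate the client first: without this step any caller holding
    # a user's password could obtain a token with no scope limit applied.
    if client is None or not _same(client["secret"], client_secret):
        raise GrantError("invalid_client")

    user = USERS.get(username)
    if user is None or not _same(user["password"], password):
        raise GrantError("invalid_grant")

    # Token roles = roles the user holds AND roles the client may request.
    return user["roles"] & client["scope"]


if __name__ == "__main__":
    # Same admin user, two clients: only admin-console gets the admin role.
    for cid, secret in (("mobile-app", "s3cr3t-mobile"),
                        ("admin-console", "s3cr3t-admin")):
        roles = password_grant(cid, secret, "alice", "correct horse")
        print(cid, sorted(roles))
```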