Here are more details about the use case.
Background:
We are using bearer access tokens for authorization between services.
This is a JWT signed by Keycloak and contains all roles assigned to this
specific client.
We are using a "service account" for service-to-service authorization,
e.g.:
if we have the following scenario
service A ---> service B
    |
    |-------------> service C
Service A receives a JWT with roles for service B and C.
If service A communicates with B, B is able to reuse this token and
communicate with C as service A.
The token that B receives from A is valid and there is the possibility to reuse it.
That is a CRITICAL security issue in my opinion.
Our plan is to use roles that require the scope parameter, and that is OK for us,
but at the moment it is only possible to query for a specific role; there is
NO possibility to ask Keycloak for a JWT with all roles but only in the
service B context.
Of course we can use composite roles, but this is a workaround that requires
extra maintenance; we do not want to do it that way.
We just need support for a scope parameter like
scope = serviceB/*
Regards
Daniel Charczyński
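An added example (not from the post or from Keycloak) of the receiving-side check that closes the gap described above: each service verifies that it is named in the token's `aud` claim, so a token minted only for the service B call is rejected by service C even though its signature is valid. It uses a constructed HS256 key from the standard library in place of Keycloak's RS256 realm key; the service names come from the post, and the claim names (`aud`, `azp`, `resource_access`) follow the JWT spec and Keycloak's token layout.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. Keycloak really signs with the realm's RS256 key; HS256
# via the standard library stands in so the example runs offline.
SECRET = b"constructed-demo-signing-key"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(client: str, audience: list, roles: dict, ttl: int = 300, now=None) -> str:
    """Mint a token shaped like the one in the post: roles per target client
    (Keycloak's resource_access layout) plus an explicit aud claim (RFC 7519)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"azp": client, "aud": audience, "iat": now, "exp": now + ttl,
               "resource_access": {svc: {"roles": r} for svc, r in roles.items()}}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_for_service(token: str, me: str, now=None) -> list:
    """Receiving-service check: signature, expiry, and that `me` is a listed
    audience. Returns the roles granted to `me`; raises PermissionError otherwise."""
    h, p, s = token.split(".")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if me not in aud:
        raise PermissionError(f"token not issued for {me} (aud={aud})")
    return claims["resource_access"].get(me, {}).get("roles", [])

if __name__ == "__main__":
    roles = {"serviceB": ["orders:read"], "serviceC": ["billing:write"]}
    broad = issue_token("serviceA", ["serviceB", "serviceC"], roles)  # today's single token
    print("C accepts token forwarded by B:", verify_for_service(broad, "serviceC"))
    narrow = issue_token("serviceA", ["serviceB"], {"serviceB": roles["serviceB"]})  # per-call token
    print("B accepts:", verify_for_service(narrow, "serviceB"))
    try:
        verify_for_service(narrow, "serviceC")
    except PermissionError as err:
        print("C rejects:", err)
```

The same audience check also makes a token leaked from B useless against any service not listed in `aud`, which is the containment the post asks for.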