Hi,

javascript application itself always accept all authenticated users, there is no authorization check of roles done in javascript adapter inside browser after authentication. But after successful authentication, your javascript app will receive accessToken and this token will have only roles limited by scopes you configured. Basically the roles in access token is intersection of:
- roles, which user is assigned to
- roles, configured by scope mapping of your application

The access token can then be used for REST calls and authorization of the token and granted roles is done by these rest calls.

Marek

On 8.12.2014 14:06, Carlos Feria wrote:

Hi. Sorry by the question but i have a problem that i can’t solve.

I’m using “Pure Client Javascript Adapter” and a APPLICATION WITH “Full Scope Allowed OFF, and Assigned Roles ”.

When i do “keycloak.init({ onLoad: ‘login-required’ })” the login page shows, but there accept all user accounts, I need login just users with Assigned Roles on Scope”. Is there a bug? how can i solve my problem? Thanks for all.

--

Carlos E. Feria Vila
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user