Hello,
Suppose we have a client defined with a scope = e.g. 1 role, requiring consent and a user
with that role. Assume we don't want to provision users with this role (required
implementation on the client side), we have to use a default realm role. The Account
application then shows the client in the application screen, without the user giving any
consent. Which is btw. perfectly understandable, as in this situation the screen shows
only a information about available permissions. This would be quite OK, however with
possibly several hundreds of clients, this table would get messy.
Another possibility is to have a client without any scopes defined (full scope is
disabled) requiring consent too. If a user accepts the consent, no information is
displayed in the application screen of the Account application, and as such the user is
unable to revoke the grant.
We'd prefer to show only clients with accepted consents in the application screen,
however I'm not sure whether the second possibility mentioned is a bug or feature.
Shouldn't it be possible to revoke a grant although no scope (role) is defined?
Any help appreciated.
Tomas