Hi
Are there any plans to implement this feature?
Anyone?
2018-01-18 15:36 GMT+01:00 Daniel Charczyński <danielcharczynski(a)o2.pl>:
Hi
I'd like to talk with you about
https://github.com/keycloak/keycloak/pull/4910
and
https://issues.jboss.org/browse/KEYCLOAK-6092
We have a CRITICAL security issue: the target service is able to receive an
access token with roles for other services, so it is able to reuse it.
We need to implement a feature that makes it possible to get an access token
with roles per target service (client in Keycloak).
Our idea is to use client roles that require scope.
But in order to get all roles assigned from a specific target service we
need to change the current behaviour.
At the moment there is a possibility to get a specific role using the scope
parameter
<clientId>/<role-name>
but we need
<clientId>/.*
Have you got any idea to make it possible ASAP?
We do not want to make any breaking changes...
Maybe we use a wildcard instead of a regexp, like <clientId>/* ?
Just let me know how to do it in order to be compatible with your future
plans and make it possible to merge...
Regards
Daniel
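
The scope semantics discussed in this thread, as an added sketch that is not part of either message and is not Keycloak code: it filters a user's client roles down to what a space-delimited scope string requests, treating `<clientId>/*` as a literal wildcard and never as a regular expression. The function name, data shapes and sample clients are assumptions made for illustration.

```python
# Added sketch, not Keycloak code: names and data shapes are assumptions.
WILDCARD = "*"


def roles_for_scope(scope, user_client_roles):
    """Return {client_id: sorted role names} limited to what `scope` requests.

    scope: space-delimited OAuth 2.0 scope string. Entries shaped like
           "<clientId>/<role-name>" or "<clientId>/*" are interpreted;
           every other entry (e.g. "openid") is ignored here.
    user_client_roles: {client_id: set of role names the user actually holds}.
    """
    granted = {}
    for entry in scope.split():
        client_id, sep, role = entry.partition("/")
        if not sep or not client_id or not role:
            continue  # not a client-role scope entry
        held = user_client_roles.get(client_id, set())
        if role == WILDCARD:
            selected = set(held)   # every role the user holds on this client
        elif role in held:
            selected = {role}      # exact name match only, never a pattern
        else:
            selected = set()       # unknown client, unheld role, or "ref*"/".*"
        if selected:
            granted.setdefault(client_id, set()).update(selected)
    return {client: sorted(roles) for client, roles in granted.items()}


# Constructed sample data: one user with roles on two target services.
USER_ROLES = {
    "orders-service": {"read", "write"},
    "billing-service": {"refund", "admin"},
}

if __name__ == "__main__":
    # A token requested for orders-service carries no billing-service roles.
    print(roles_for_scope("openid orders-service/*", USER_ROLES))
```

Because the wildcard is accepted only as the entire role part, existing `<clientId>/<role-name>` requests keep their current meaning, and a token requested for one client never carries another client's roles.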