You can remove it on a per-client basis by changing protocol mappers for
the client. I think you can use a setting on the protocol mapper to make it
require a scope param to view it, but not 100% sure. At the very least
you'd be able to write a custom protocol mapper to do it.
In the future we plan better support for scope including the ability to
define custom scopes.
On 28 November 2016 at 12:59, Guus der Kinderen <guus.der.kinderen(a)gmail.com
wrote:
Hello,
Is it possible to withhold the email address of a user from a token (unless
a specific claim/role is granted)?
Regards,
Guus
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user