5:27 a.m.
Has anyone noticed that updating a client using kcadm seems to ignore the
defaultClientScopes property?
/opt/keycloak/bin/kcadm.sh update
clients/366b5cb2-f4ac-4b81-9ccb-1e8198fec9f9 -r therealm -s
'defaultClientScopes=["web-origins"]' -s name=changedName --no-config
--server http://localhost:8080/auth --realm master --user admin --client
admin-cli --password xxxx
We can update other properties ok, e.g. name, client id, redirectUris all
update ok, but defaultClientScopes doesn't change. Also I think
optionalClientScopes doesn't change either.
12:20 p.m.
There are separate REST API operations for add/remove default client
scope or optional client scope. I suggest to try admin console with
browser and inspect the REST request, which admin console is doing for
add/remove client scopes for client. This may show you how the REST
request looks like and you should be able to "translate" this into
proper format for kcadm then.
Marek
On 17/01/2019 05:27, Matt Evans wrote:
Has anyone noticed that updating a client using kcadm seems to ignore
the
defaultClientScopes property?
/opt/keycloak/bin/kcadm.sh update
clients/366b5cb2-f4ac-4b81-9ccb-1e8198fec9f9 -r therealm -s
'defaultClientScopes=["web-origins"]' -s name=changedName --no-config
--server http://localhost:8080/auth --realm master --user admin --client
admin-cli --password xxxx
We can update other properties ok, e.g. name, client id, redirectUris all
update ok, but defaultClientScopes doesn't change. Also I think
optionalClientScopes doesn't change either.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:51 a.m.
Hi Marek
I took your advice and looked at what the console does. It seems that you
have to individually PUT or DELETE each client scope in the
defaultClientScopes and optionalClientScopes.
e.g. PUT /clients/<client id>/defaultClientScopes/<scope id>
I tried to PUT to the /clients/<client id>/defaultClientScopes endpoint to
set all the default client scopes in one go but the method is not allowed.
We currently have our clients deployed using ansible calling kcadm with the
json template, this works well for creating new clients, the default client
scopes are set correctly, but the update of an existing client template
ignores them if they are specified in the json.
Whilst we can add more code to extract the scopes from the template and
individually call DELETE or PUT to adjust them it seems overly complicated.
I guess for now we will delete and create the whole client if we need to
update them.
Are there plans to improve this in the future? It seems inconsistent that
the rest endpoint for the client just ignores those properties for updates,
but accepts them for creates.
Thanks
Matt
On Thu, 17 Jan 2019 at 22:20, Marek Posolda <mposolda(a)redhat.com> wrote:
There are separate REST API operations for add/remove default client
scope or optional client scope. I suggest to try admin console with
browser and inspect the REST request, which admin console is doing for
add/remove client scopes for client. This may show you how the REST
request looks like and you should be able to "translate" this into
proper format for kcadm then.
Marek
On 17/01/2019 05:27, Matt Evans wrote:
> Has anyone noticed that updating a client using kcadm seems to ignore the
> defaultClientScopes property?
>
> /opt/keycloak/bin/kcadm.sh update
> clients/366b5cb2-f4ac-4b81-9ccb-1e8198fec9f9 -r therealm -s
> 'defaultClientScopes=["web-origins"]' -s name=changedName
--no-config
> --server http://localhost:8080/auth --realm master --user admin --client
> admin-cli --password xxxx
>
> We can update other properties ok, e.g. name, client id, redirectUris all
> update ok, but defaultClientScopes doesn't change. Also I think
> optionalClientScopes doesn't change either.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2198
days inactive
2199
days old
2 comments
2 participants
participants (2)
-
Marek Posolda -
Matt Evans