11:32 a.m.
Not sure if I follow you Bill. Don't we already have scope (role) assignment
capabilities for both OAuth Clients and Applications?
Date: Tue, 12 Aug 2014 12:13:21 -0400
From: Bill Burke <bburke@redhat.com<mailto:bburke@redhat.com>>
Subject: Re: [keycloak-user] Direct Access Grants & 'Client
Credentials' OAuth2 grant type
To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Message-ID: <53EA3D21.7060609@redhat.com<mailto:53EA3D21.7060609@redhat.com>>
Content-Type: text/plain; charset=windows-1252; format=flowed
Right now we require you to create a user and give permissions to that user. Not sure if
we'll add client credentials grant as it would require having role mappings for
clients and applications.
2:07 a.m.
New subject: Direct Access Grants & 'Client
Scope is what roles an application is permitted to ask for, while role mappings for a user
is what roles are actually granted.
For example an application could have a scope one role A and B, but only have a role
mapping on role A. On its own the application only has access to role A, while if acting
on behalf of a user that has both role A and B the application would have both roles.
----- Original Message -----
From: "John DODGE CONSULTING SERVICES Schneider, LLC"
<John.Schneider(a)carrier.utc.com>
To: keycloak-user(a)lists.jboss.org
Sent: Tuesday, 12 August, 2014 6:32:34 PM
Subject: Re: [keycloak-user] Direct Access Grants & 'Client
Not sure if I follow you Bill. Don’t we already have scope (role) assignment
capabilities for both OAuth Clients and Applications?
Date: Tue, 12 Aug 2014 12:13:21 -0400
From: Bill Burke < bburke(a)redhat.com >
Subject: Re: [keycloak-user] Direct Access Grants & 'Client
Credentials' OAuth2 grant type
To: keycloak-user(a)lists.jboss.org
Message-ID: < 53EA3D21.7060609(a)redhat.com >
Content-Type: text/plain; charset=windows-1252; format=flowed
Right now we require you to create a user and give permissions to that user.
Not sure if we'll add client credentials grant as it would require having
role mappings for clients and applications.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3771
days inactive
3785
days old
1 comments
2 participants
participants (2)
-
Schneider, John DODGE CONSULTING SERVICES, LLC -
Stian Thorgersen