Good morning, I'm not sure if I follow you on this, but if
you look at OIDC spec[1], scope is required. Plus, there's
some explanation here[2].
I hope it helps.
[1] -
http://openid.net/specs/openid-connect-core-1_0.html
[2] -
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/ro...
On 2016-07-04, Artem Voskoboynick wrote:
Looks I've clarified the problem:
A resource with scopes won't be permitted if there are no permitted scopes.
This is a strange behavior - if there are no permitted scopes, the resource
should still be available, it just doesn't have any additional actions
(scopes) permitted.
In support, if you take a resource without scopes, the resource is
available (given all resource permissions are permitted). But following the
current logic Keycloak handles scopes, the resource shouldn't be available
then, since there are no available scopes.
Now, the only solution is to create a dummy scope and always assign it to
resources, so that they don't get blocked when no other scopes are
available.
I think, this behavior should be changed.
What do you think?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
abstractj
PGP: 0x84DC9914