[keycloak-dev] Removing wildcard role

Stian Thorgersen stian at redhat.com
Fri Nov 15 08:42:06 EST 2013


Removing the wildcard role has two side-effects:

1. Tokens for an application no longer contain roles for the application itself - unless you explicitly add scope mappings to the application for its own roles
2. Application useRealmMappings doesn't result in realm roles being added to the token

I've solved 1 by making TokenManager.createAccessCode add the application's own roles to requested roles. Also, I've removed the application itself from the list of applications on an application's scope mappings page. An alternative approach would be to add scope mappings for an application's own roles when they are added, but I thought that was less elegant.

I didn't think 2 made sense any more without wildcard roles, so I've removed it. Is that OK?

If you'd like to take a look at what I've done, look at: https://github.com/stianst/keycloak/tree/remove-wildcard-role
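
An added illustration, not part of the original post and not Keycloak code: a simplified Java model of how a token's roles change once the wildcard role is gone and the application's own roles are added implicitly. The `owner:role` naming, the `*` stand-in for the wildcard role, the `tokenRoles` helper and the rule that a token carries only roles the user holds and the scope allows are all assumptions.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;

// Simplified model only. Names and the filtering rule are assumptions, not Keycloak's API.
public class ScopeModel {
    static final String WILDCARD = "*"; // constructed stand-in for the removed wildcard role

    // Roles are written "owner:role", e.g. "realm:user" or "app-a:admin" (constructed values).
    static Set<String> tokenRoles(String app, Set<String> userRoles,
                                  Set<String> scopeMappings, boolean addOwnRoles) {
        Set<String> granted = new TreeSet<>();
        for (String role : userRoles) {
            boolean own = role.startsWith(app + ":");
            if (scopeMappings.contains(WILDCARD)      // old behaviour: scope allows every role
                    || scopeMappings.contains(role)   // explicit scope mapping
                    || (addOwnRoles && own)) {        // own roles added to the requested roles
                granted.add(role);
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        Set<String> user = new HashSet<>(
                Arrays.asList("realm:user", "app-a:admin", "app-b:viewer"));
        Set<String> wildcard = Collections.singleton(WILDCARD);
        Set<String> none = Collections.emptySet();
        Set<String> explicit = Collections.singleton("app-b:viewer");

        // With the wildcard role: every role the user holds reaches app-a's token.
        System.out.println("wildcard scope:      " + tokenRoles("app-a", user, wildcard, false));
        // Wildcard removed, nothing else changed: side-effect 1, app-a's own roles are missing.
        System.out.println("no scope, no fix:    " + tokenRoles("app-a", user, none, false));
        // Own roles added implicitly: only app-a roles, no realm or app-b roles.
        System.out.println("no scope, own roles: " + tokenRoles("app-a", user, none, true));
        // Roles of other applications still need an explicit scope mapping.
        System.out.println("explicit app-b map:  " + tokenRoles("app-a", user, explicit, true));
    }
}
```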

