[keycloak-dev] Disable application scope by default?

Stan Silvert ssilvert at redhat.com
Tue Jul 29 12:06:34 EDT 2014 

Sorry to veer off topic and onto general usability, but this brings up 
something I've been meaning to mention for awhile.

I'm sure that I don't understand all the use cases very well, but I can 
attest that the whole "scope" thing is rather confusing. From the UI, it 
was never clear to me what "Scope" actually did. I never seemed to need 
it so I never read the doco on it.  Now I've read "Permission Scopes" 
section of the doc and I still don't understand.  I'd probably have to 
read it a few more times to really get it.

I suggest that you add a short sentence to each screen that explains 
what the screen is for.   That would improve usability tremendously.

There are many other places where a few words would improve 
understanding.  For instance, what does "Direct Grant API" mean? I 
shouldn't have to look it up in the doc to find out.

Stan

On 7/29/2014 11:40 AM, Stian Thorgersen wrote:
> Other than potentially larger tokens I don't see any issue with that.
>
> Although, lately I've been thinking that only having a single list of roles for a realm would be simpler, instead of realm roles and application roles. We could still provide some form of a hierarchy using '/' for example 'myapp/admin'. It's a pretty big shift, but I think it would remove a lot of confusion.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 29 July, 2014 4:27:02 PM
>> Subject: Re: [keycloak-dev] Disable application scope by default?
>>
>>
>>
>> On 7/29/2014 11:07 AM, Stian Thorgersen wrote:
>>> Not sure I fully understand.
>>>
>>> At the moment an application has scope on all it's own roles. I assume you
>>> mean that you're proposing that it should have a "scope" on all roles a
>>> user has?
>>>
>> Yes exactly.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list