[keycloak-dev] discontinuing scope param

Stian Thorgersen stian at redhat.com
Thu Mar 6 10:24:27 EST 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 6 March, 2014 3:14:16 PM
> Subject: Re: [keycloak-dev] discontinuing scope param
> 
> 
> 
> On 3/6/2014 10:01 AM, Stian Thorgersen wrote:
> > For applications yes, this is just a "performance" optimization, and it
> > would probably never be used.
> >
> > For clients it's important. Users may choose not to use an application if
> > it requests too many permissions. In my previous example you may be happy
> > with a gallery application viewing your pictures, but if it requests to
> > edit your pictures as well and you're not happy with it, both you as a user
> > and the developer of the application lose out.
> >
> > Have a look at http://www.youtube.com/watch?v=vFsxQHSSkRs it explains it
> > all in 1 min
> >
> > It would also be cool if we added a way to mark parts of the scope as
> > optional. For example in the above example the gallery app could say it
> > requires to view the profile and view pictures, but only optionally edit
> > pictures. On the grant page there could be a checkbox next to optional
> > permissions that lets a user allow/disallow that specific permission.
> >
> 
> I'm still removing what we currently have until a new param format is
> decided on and implemented that fits in openid connect scope param
> format constraints.  This scope param support I'm removing isn't
> documented anyways, so I doubt anybody has tried it out.

That's fine, I can create a JIRA issue to add support for it. I thought you were proposing to remove it and never add it back ;)

Unless someone explicitly asks for it I think we're fine with leaving it until later.

> 
> BTW,  I also wanted to add metadata to roles on whether it should be
> displayed in a grant page or not.

That's a nice feature, but I can't come up with a use-case for it. Do you have one in mind?

> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

