[keycloak-dev] discontinuing scope param

Stian Thorgersen stian at redhat.com
Thu Mar 6 10:44:25 EST 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 6 March, 2014 3:40:52 PM
> Subject: Re: [keycloak-dev] discontinuing scope param
> 
> 
> 
> On 3/6/2014 10:24 AM, Stian Thorgersen wrote:
> >>
> >> BTW,  I also wanted to add metadata to roles on whether it should be
> >> displayed in a grant page or not.
> >
> > That's a nice feature, but I can't come up with a use-case for it. Do you
> > have one in mind?
> 
> Same usecase as you mentioned earlier.  To reduce amount of things the
> client is asking permission to do on the grant page.

I assume it would be used for a way to have "implicit" permissions granted to a client, but I couldn't think of anything that a client should be allowed to do without requestion access

> 
> For example, you might have a composite role "Users" and only want to
> show that role on the grant page, not its children.  Right now, all
> roles are showed.

What if a client has a scope on the children and not the composite? Would it display the children then?

> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 


More information about the keycloak-dev mailing list