[keycloak-dev] discontinuing scope param
Stian Thorgersen
stian at redhat.com
Thu Mar 6 10:44:25 EST 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 6 March, 2014 3:40:52 PM
> Subject: Re: [keycloak-dev] discontinuing scope param
>
>
>
> On 3/6/2014 10:24 AM, Stian Thorgersen wrote:
> >>
> >> BTW, I also wanted to add metadata to roles on whether it should be
> >> displayed in a grant page or not.
> >
> > That's a nice feature, but I can't come up with a use-case for it. Do you
> > have one in mind?
>
> Same usecase as you mentioned earlier. To reduce amount of things the
> client is asking permission to do on the grant page.
I assume it would be used for a way to have "implicit" permissions granted to a client, but I couldn't think of anything that a client should be allowed to do without requestion access
>
> For example, you might have a composite role "Users" and only want to
> show that role on the grant page, not its children. Right now, all
> roles are showed.
What if a client has a scope on the children and not the composite? Would it display the children then?
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
More information about the keycloak-dev
mailing list