[keycloak-dev] FYI: can't use token to auth admin console
Bill Burke
bburke at redhat.com
Fri May 23 10:51:31 EDT 2014
Our user-agent might not be a browser.
On 5/23/2014 10:48 AM, Stian Thorgersen wrote:
> Why not just do a window.reload(), which will redirect to login screen and get a new token with the new roles?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, 23 May, 2014 3:46:08 PM
>> Subject: [keycloak-dev] FYI: can't use token to auth admin console
>>
>> Too much kid stuff lately! Sorry I haven't been productive past 2
>> days...But...
>>
>> FYI: We can't use role mapping information in access token to authorize
>> admin console access. This is because users may be creating new realms
>> which will update their role mappings on the fly with the new admin
>> roles created for that new realm.
>>
>> What will happen is that the client id will be extracted from token and
>> authorization based on client scope and user role mappings will be done
>> dynamically.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list