[keycloak-dev] Remove admin-url for bearer-only applications
Bill Burke
bburke at redhat.com
Fri Sep 12 11:51:05 EDT 2014
Yes, we should hide scopes and claims. Good catch.
On 9/12/2014 11:43 AM, Marek Posolda wrote:
> Possible related question is, if bearer-only applications need scopes
> and claims? Should we hide "Scopes" and "Claims" tabs in admin console
> when editing bearer-only application?
>
>
> On 12.9.2014 14:51, Bill Burke wrote:
>> Negative. Bearer-only applications can receive revocation policies.
>> i.e. "don't accept tokens before this date". In the future we may want
>> to push things like allowed CORS origins, IP blacklists, user
>> blacklists, etc. There's also stats we may want to gather from the
>> applications.
>>
>> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>>> I propose we remove the "Admin URL" field for bearer-only
>>> applications. As a bearer-only application doesn't manage any user
>>> sessions there's not much point in propagating logouts to those.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list