[keycloak-dev] Remove admin-url for bearer-only applications
Marek Posolda
mposolda at redhat.com
Fri Sep 12 11:59:14 EDT 2014
Thanks, I will do that.
Marek
On 12.9.2014 17:51, Bill Burke wrote:
> Yes, we should hide scopes and claims. Good catch.
>
> On 9/12/2014 11:43 AM, Marek Posolda wrote:
>> Possible related question is, if bearer-only applications need scopes
>> and claims? Should we hide "Scopes" and "Claims" tabs in admin console
>> when editing bearer-only application?
>>
>>
>> On 12.9.2014 14:51, Bill Burke wrote:
>>> Negative. Bearer-only applications can receive revocation policies.
>>> i.e. "don't accept tokens before this date". In the future we may want
>>> to push things like allowed CORS origins, IP blacklists, user
>>> blacklists, etc. There's also stats we may want to gather from the
>>> applications.
>>>
>>> On 9/12/2014 5:25 AM, Stian Thorgersen wrote:
>>>> I propose we remove the "Admin URL" field for bearer-only
>>>> applications. As a bearer-only application doesn't manage any user
>>>> sessions there's not much point in propagating logouts to those.
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>
>
More information about the keycloak-dev
mailing list