[keycloak-dev] Why do we have a Direct Grants Only option for oauth clients

Marek Posolda mposolda at redhat.com
Thu Apr 9 10:56:20 EDT 2015


Only reason I see is, that you don't need to provide any redirect URI 
for these clients. How about having 3 states? Something like:
- Direct grants only (redirect URI field not mandatory and hidden)
- Direct grants allowed
- Direct grants not allowed

Marek

On 9.4.2015 12:14, Stian Thorgersen wrote:
> Do we really need the Direct Grants Only option for Clients? IMO it should be the other way around and we should have a 'Direct Grant Allowed' option for Clients.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list