[keycloak-dev] scope and client templates

Stian Thorgersen sthorger at redhat.com
Thu Dec 17 03:58:11 EST 2015


Not sure we even need scope in client templates? Isn't it sufficient to
only have scope control on a per-client?

For example say there's 3 clients in a group of clients:
* service - user and admin roles
* user console
* admin console

You don't want the user console to have scope on the admin console just
because it's in the same group. Also, you don't want the service to have
any scope.

Can anyone come up with an example where scope on the client template would
be useful?

On 16 December 2015 at 14:22, Marek Posolda <mposolda at redhat.com> wrote:

> On 15/12/15 18:34, Bill Burke wrote:
> > So, what to do about scope and client templates?  Client templates could
> > have "full scope allowed" or define a scope.  A client would either
> > click "full scope allowed" or it can add additional scoped roles.
> >
> > Sound ok?
> >
> yes to me. I suppose each client will still automatically receives his
> own client roles to the scope like it's now.
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151217/24f5b6d7/attachment.html 


More information about the keycloak-dev mailing list