[keycloak-dev] Backward compatibility of server and adapters

Stian Thorgersen sthorger at redhat.com
Fri Jul 1 02:43:56 EDT 2016


I'm not convinced about that approach. We'll end up having to test and
maintain this in the long run.

How about a staged approach instead:

* Keycloak 2.1 & RH-SSO 7.0.1 - add scope=openid, also add mention in
release not and migration guide that the ID token will soon not be included
anymore
* Keycloak 2.3 & RH-SSO 7.1 - stop sending ID token if scope is not included

On 30 June 2016 at 16:00, Marek Posolda <mposolda at redhat.com> wrote:

> I am thinking whether to add configuration switch in admin console per
> client, where you can define what is the adapter version the particular
> client is using. In that case, some behaviour can be different/backwards
> compatible.
>
> Example: For new clients, we will include IDToken just if they use
> "scope=openid" . However for clients with adapter "1.9" or older, the
> IDToken will be included even if "scope=openid" is not used.
>
> WDYT?
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160701/07b195a1/attachment.html 


More information about the keycloak-dev mailing list