[keycloak-dev] Including OAuth Scope in Response from Token Endpoint (Financial API Read Only Profile Requirement)

乗松隆志 / NORIMATSU,TAKASHI takashi.norimatsu.ws at hitachi.com
Wed Oct 4 00:03:55 EDT 2017


Hello.

I've investigated Keycloak to find out whether it completely conforms to the Financial API Read Only Profile requirements for the Authorization Server, and found that it fails to satisfy only one point.

Therefore, I've implemented this point, namely always including the OAuth scope in the response from the Token Endpoint.

Financial API is a security requirement for API services in the financial sector.
It is specified by the OpenID Foundation.
http://openid.net/wg/fapi/

The Financial API Read Only Profile requirements for the Authorization Server are the following:
http://openid.net/specs/openid-financial-api-part-1.html#authorization-server
The requirement
* shall return the list of allowed scopes with the issued access token;
is met by this PR.
https://github.com/keycloak/keycloak/pull/4527

Hope this PR is reviewed and merged.

Best Regards
Takashi Norimatsu
Hitachi, Ltd.
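The requirement discussed above means a token endpoint response must always carry a `scope` member, whereas RFC 6749 section 5.1 only makes it mandatory when the granted scope differs from the requested one. The following is an added example, not code from the mailing list post or from Keycloak, of how a conformance test or client-side check could verify a token response against that requirement; the sample responses and the `check_token_response` function name are constructed for illustration.

```python
import json

# FAPI Read Only profile, Authorization Server section:
# "shall return the list of allowed scopes with the issued access token".
# RFC 6749 s.5.1 only requires "scope" when it differs from the request;
# this check applies the stricter FAPI rule and also flags scope escalation.

def check_token_response(requested_scope: str, token_response_json: str) -> list:
    """Return a list of human-readable findings; an empty list means conformant."""
    findings = []
    try:
        body = json.loads(token_response_json)
    except json.JSONDecodeError as exc:
        return [f"token response is not valid JSON: {exc}"]

    if "scope" not in body:
        # The FAPI RO profile requires the granted scope list on every response.
        findings.append("scope parameter missing from token response (FAPI RO AS requirement)")
        return findings

    if not isinstance(body["scope"], str):
        findings.append("scope parameter must be a space-delimited string (RFC 6749 s.3.3)")
        return findings

    requested = set(requested_scope.split())
    granted = set(body["scope"].split())

    # Down-scoping (granting fewer scopes than requested) is permitted by
    # RFC 6749; granting scopes that were never requested is not.
    escalated = sorted(granted - requested)
    if escalated:
        findings.append(f"granted scopes were never requested: {' '.join(escalated)}")

    if not granted:
        findings.append("scope parameter is present but empty")

    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real server.
    conformant = json.dumps({"access_token": "x", "token_type": "Bearer",
                             "expires_in": 300, "scope": "openid accounts"})
    missing = json.dumps({"access_token": "x", "token_type": "Bearer", "expires_in": 300})
    for label, resp in (("conformant", conformant), ("missing scope", missing)):
        print(label, "->", check_token_response("openid accounts payments", resp) or "OK")
```

Running a check like this against a pre-fix server would report the missing `scope` member on every successful token response, which is exactly the gap the PR closes; the escalation check is a separate, general safeguard that is useful regardless of profile.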


