[keycloak-dev] rename client templates to scope?

Pedro Igor Silva psilva at redhat.com
Thu Sep 28 08:52:46 EDT 2017


I think having all these concepts under a single umbrella is confusing.

Regarding roles and scopes ....

IMO, roles and scopes are separate things. It would be nice if we had a
specific area for Scope Mapping, from which I could create scopes and
manage their configuration (consent, param required, etc), associate scopes
with roles (and not turn roles into scopes) and associate mappers with
scopes.

And also push scopes into a separate claim within tokens.


On Thu, Sep 28, 2017 at 4:35 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Interesting. So client templates could become a very flexible thing that
> covers many uses. So one single concept could cover:
>
> * Templates as today
> * Scope
> * Namespaces
>
> I like the idea, but the devil is in the details. How would it end up
> looking? Would it be easy to use?
>
> On 27 September 2017 at 19:38, Bill Burke <bburke at redhat.com> wrote:
>
> > Maybe want to allow client scopes to define their own roles too.  Then
> > we have a role namespace as well.  Could even think about removing
> > realm roles if we do this.
> >
> > On Tue, Sep 26, 2017 at 3:24 AM, Stian Thorgersen <sthorger at redhat.com>
> > wrote:
> > > Interesting idea. That might just work and be a nice and easy way to
> > > add proper support for OAuth/OIDC scope.
> > >
> > > On 25 September 2017 at 17:11, Bill Burke <bburke at redhat.com> wrote:
> > >>
> > >> This is something for 4.0
> > >>
> > >> Was thinking that we should rename Client Templates to Client Scopes.
> > >> For oauth, oidc, and token exchange client asks for a specific scope
> > >> with the "scope" parameter.  This "scope" parameter would be the name
> > >> of a client-id or a client scope (formerly client templates).  Clients
> > >> will be granted access to scopes in the admin console.  Probably
> > >> through authz services.
> > >>
> > >>
> > >>
> > >> --
> > >> Bill Burke
> > >> Red Hat
> > >> _______________________________________________
> > >> keycloak-dev mailing list
> > >> keycloak-dev at lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> > >
> >
> >
> >
> > --
> > Bill Burke
> > Red Hat
> >