[keycloak-dev] offline access permission incorrect?

Bill Burke bburke at redhat.com
Mon Apr 2 18:16:19 EDT 2018


To enable offline access the user must have the offline access role
and the client must have that role in its scope...

This just doesn't seem right to me.  IMO, this shouldn't be something
you assign permission to a user.  Its solely a client permission and
should not be something role-based.  Instead the client should be
marked as allowing to ask for offline access and whether or not the
client must ask consent for this.

-- 
Bill Burke
Red Hat


More information about the keycloak-dev mailing list