[keycloak-dev] offline access tokens part 2
Marek Posolda
mposolda at redhat.com
Wed Mar 28 02:58:59 EDT 2018
On 27.3.2018 at 21:36, Bill Burke wrote:
> Might be nice to not require "consent required" on the scope itself,
> but when you attach it to the client.
>
> i.e. Client Foo has scopes A, B by default which don't require
> consent, but it can also request scope C if the client asks for it and
> consent is granted.
> Client Bar has scope C by default and doesn't require consent. Maybe
> that's something that can be supported later.
I see. So the flag is not on clientScope itself, but on the "binding"
between client and clientScope. I agree that it's something to be
supported later. Will likely require some model changes as currently
there is no separate model for "binding" between client and clientScope.
Created https://issues.jboss.org/browse/KEYCLOAK-7018 . I think it will
be useful for some other scenarios, for example the possibility to
check/uncheck some clientScopes on consent screen:
https://issues.jboss.org/browse/KEYCLOAK-7019 .
Marek