[keycloak-dev] Permission for client scopes

Stian Thorgersen sthorger at redhat.com
Tue Sep 4 09:29:20 EDT 2018


As scopes are often used for permissions in the applications themselves, it
would be useful to have a mechanism to grant a user access to a scope.

For example, if you have the scopes "photos:view" and "photos:edit" you
would like only users that are permitted to use the photos application to
be able to get those scopes in the token.

One simple way of doing this would be to have an optional required role
associated with a client scope. Then we can simply apply the client scopes
for which the user has the required role.
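
The following sketch of the proposed check is an added example, not part of the original post and not Keycloak code. The role names "photos-user" and "photos-editor", the `ClientScope` type and the `granted_scopes` function are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ClientScope:
    name: str
    # Optional role gate: None means the scope is not restricted by role.
    required_role: Optional[str] = None


# Constructed sample configuration for one client (role names are hypothetical).
CLIENT_SCOPES = {
    s.name: s
    for s in (
        ClientScope("profile"),
        ClientScope("photos:view", required_role="photos-user"),
        ClientScope("photos:edit", required_role="photos-editor"),
    )
}


def granted_scopes(requested: str, user_roles: set, scopes=CLIENT_SCOPES) -> str:
    """Return the space-separated scope value that would go into the token."""
    granted = []
    for name in requested.split():
        scope = scopes.get(name)
        if scope is None:
            continue  # scope is not configured for this client: never granted
        if scope.required_role is not None and scope.required_role not in user_roles:
            continue  # user lacks the required role: drop the scope silently
        if name not in granted:
            granted.append(name)  # keep request order, ignore duplicates
    return " ".join(granted)


if __name__ == "__main__":
    request = "profile photos:view photos:edit"
    print(granted_scopes(request, {"photos-user"}))    # viewer only
    print(granted_scopes(request, {"photos-editor"}))  # editor role only
    print(granted_scopes(request, set()))              # no photos roles
```

An application that authorizes on the token's scope value then only sees "photos:view" or "photos:edit" for users who hold the matching role, regardless of what the client requested.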

