[keycloak-dev] Permission for client scopes
Pasi Kärkkäinen
pasik at iki.fi
Wed Sep 5 10:03:03 EDT 2018
On Tue, Sep 04, 2018 at 03:29:20PM +0200, Stian Thorgersen wrote:
> As scopes are often used for permissions in the applications themselves it
> would be useful to have a mechanism to grant a user access to a scope.
>
> For example if you have the scopes "photos:view" and "photos:edit" you
> would like only users that are permitted to use the photos application to
> be able to get those scopes in the token.
>
> One simple way of doing this would be to have an optional required role
> associated with a client scope. Then we can simply apply the client scopes
> for which the user has the required role.
>
+1
Something like this is definitely needed and useful in Keycloak.
I guess this is: https://issues.jboss.org/browse/KEYCLOAK-8175
-- Pasi