[keycloak-dev] Credentials in javascript adapter
Stan Silvert
ssilvert at redhat.com
Tue Nov 19 09:24:49 EST 2019
On 11/19/2019 5:34 AM, Stian Thorgersen wrote:
> Added a PR with new account-console client here:
> https://github.com/keycloak/keycloak/pull/6501
>
> All roles and permissions are still associated with "account" client
> as that is what represents the Account REST API. So the only thing
> that is needed is to create a new account-console public client with
> the correct scope/audience and update index.ftl to use account-console
> client. Ignoring the migration code and tests it is a pretty simple
> change.
That's great. Can you enlighten us on how this actually works? I take
it the magic happens in AudenceResolveProtocolMapper? I'm not clear on
what is going on there.
>
> On Mon, 18 Nov 2019 at 20:42, Stan Silvert <ssilvert at redhat.com
> <mailto:ssilvert at redhat.com>> wrote:
>
> On 11/18/2019 8:23 AM, Stan Silvert wrote:
> > Also remember, that we still have option #2, which requires only a
> > documentation note. That is:
> > 2) Document that "tech preview" users should go to Client ->
> account.
> > Then change the Access Type to "public".
> >
> > If you want, I can implement option #1 and just do a PR with the
> change
> > of "account" client to "public". Then we can see if that breaks
> > anything. That would at least tell us a little more. Then we
> can make
> > a final decision on what to do.
> >
> > But I don't want to wait very long for a decision. We need to
> get this
> > nailed down so we can finish new account console in time for
> tech preview.
> >
> I went ahead and implemented #1. All tests pass.
> https://github.com/keycloak/keycloak/pull/6500
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list