[keycloak-user] Direct Access Grants & 'Client
Stian Thorgersen
stian at redhat.com
Tue Aug 26 03:07:16 EDT 2014
Scope is what roles an application is permitted to ask for, while role mappings for a user is what roles are actually granted.
For example an application could have a scope one role A and B, but only have a role mapping on role A. On its own the application only has access to role A, while if acting on behalf of a user that has both role A and B the application would have both roles.
----- Original Message -----
> From: "John DODGE CONSULTING SERVICES Schneider, LLC" <John.Schneider at carrier.utc.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 12 August, 2014 6:32:34 PM
> Subject: Re: [keycloak-user] Direct Access Grants & 'Client
>
>
>
> Not sure if I follow you Bill. Don’t we already have scope (role) assignment
> capabilities for both OAuth Clients and Applications?
>
>
>
>
>
> Date: Tue, 12 Aug 2014 12:13:21 -0400
>
> From: Bill Burke < bburke at redhat.com >
>
> Subject: Re: [keycloak-user] Direct Access Grants & 'Client
>
> Credentials' OAuth2 grant type
>
> To: keycloak-user at lists.jboss.org
>
> Message-ID: < 53EA3D21.7060609 at redhat.com >
>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
>
>
> Right now we require you to create a user and give permissions to that user.
> Not sure if we'll add client credentials grant as it would require having
> role mappings for clients and applications.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list