[keycloak-user] Full Scope Allowed OFF
Marek Posolda
mposolda at redhat.com
Mon Dec 8 08:17:40 EST 2014
Hi,
the JavaScript application itself always accepts all authenticated users;
there is no authorization check of roles done in the JavaScript adapter
inside the browser after authentication. But after successful
authentication, your JavaScript app will receive an accessToken, and this
token will have only the roles limited by the scopes you configured. Basically,
the roles in the access token are the intersection of:
- roles which the user is assigned to
- roles configured by the scope mapping of your application
The access token can then be used for REST calls, and authorization of
the token and granted roles is done by these REST calls.
Marek
On 8.12.2014 14:06, Carlos Feria wrote:
> Hi. Sorry for the question, but I have a problem that I can't solve.
>
> I'm using “Pure Client Javascript Adapter” and an APPLICATION WITH
> “Full Scope Allowed OFF, and Assigned Roles”.
>
> When I do “keycloak.init({ onLoad: 'login-required' })” the login
> page shows, but it accepts all user accounts; I need to log in just
> users with Assigned Roles on Scope. Is there a bug? How can I solve
> my problem? Thanks for all.
>
>
> --
> Carlos E. Feria Vila
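
The behaviour described in the reply above, as an added example that is not part of the original thread and not Keycloak's own code: login succeeds for every authenticated user, the token carries only the intersection of the user's roles and the application's scope mappings, and the REST service is where roles are enforced. The key pair, the function names, the sample users and the `realm_access.roles` claim layout are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

// Constructed RSA key pair standing in for the realm's signing key (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Server side at login: any authenticated user gets a token, but its roles are
// the intersection of the user's roles and the application's scope mappings.
function issueAccessToken(username, userRoles, scopeMappings) {
  const roles = userRoles.filter((r) => scopeMappings.includes(r));
  const signingInput = b64url({ alg: 'RS256', typ: 'JWT' }) + '.' +
    b64url({ preferred_username: username, realm_access: { roles } });
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + sig.toString('base64url');
}

// REST service side: verify the signature, then authorize on the granted roles.
// Returns an HTTP status: 401 = token not trusted, 403 = role missing, 200 = ok.
function authorize(token, requiredRole) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 401;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return 401;
  }
  if (header?.alg !== 'RS256') return 401; // pin the algorithm, do not trust the header's choice
  const trusted = crypto.verify('RSA-SHA256', Buffer.from(head + '.' + body),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!trusted) return 401;
  const roles = claims?.realm_access?.roles;
  return Array.isArray(roles) && roles.includes(requiredRole) ? 200 : 403;
}

// Constructed sample: the application's scope mappings contain only "user".
const scope = ['user'];
const alice = issueAccessToken('alice', ['user', 'admin'], scope); // roles: ["user"]
const bob = issueAccessToken('bob', ['admin'], scope);             // roles: []
console.log(authorize(alice, 'user'), authorize(alice, 'admin'), authorize(bob, 'user'));
```

Bob still receives a validly signed token, which is why the browser-side login accepts him; he is turned away with 403 only when a REST call checks the role.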