[keycloak-user] Exception after changing roles
Bill Burke
bburke at redhat.com
Thu Aug 20 10:18:24 EDT 2015
On 8/20/2015 3:18 AM, Stian Thorgersen wrote:
> +1 We should just update the access token with new details and roles
>
> Not sure if this is really an issue, but would there be a case where an application caches the claims in the token? I don't think there is, but if we do update the token we should make it 100% clear in the docs that this will happen.
>
The problem is consent. If a client requires consent, you can't add new
details to the token without that consent. Looks like we don't check
for that; we should.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com