[keycloak-user] Why does scope permission denial affect the whole resource availability?

Artem Voskoboynick tema.voskoboynick at gmail.com
Sun Jul 3 16:41:09 EDT 2016


Looks like I've clarified the problem:
A resource with scopes won't be permitted if there are no permitted scopes.

This is a strange behavior - if there are no permitted scopes, the resource
should still be available, it just doesn't have any additional actions
(scopes) permitted.
In support, if you take a resource without scopes, the resource is
available (given all resource permissions are permitted). But following the
current logic by which Keycloak handles scopes, the resource shouldn't be
available then, since there are no available scopes.

Now, the only solution is to create a dummy scope and always assign it to
resources, so that they don't get blocked when no other scopes are
available.

I think this behavior should be changed.
What do you think?