[keycloak-user] [Revoke grants] Application without roles
Yann Jacobs
jacobs.yann at gmail.com
Fri Feb 17 09:35:39 EST 2017
Hi,
In reference to an old message sent to the mailing list:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008346.html
I have an application which all users can access (no roles defined/requested),
with request consent activated.
All seems to be fine, but the 'Applications' tab in Account doesn't display my
application.
According to the ApplicationsBean.java file @ L56
https://github.com/keycloak/keycloak/blob/d941e0716982502ee84255e196f8efb84bce1588/services/src/main/java/org/keycloak/forms/account/freemarker/model/ApplicationsBean.java#L56
> // Don't show applications, which user doesn't have access into (any available roles)
> if (availableRoles.isEmpty()) {
>     continue;
> }
Isn't it too restrictive?
Can we imagine a more permissive condition? Like this:
> if (availableRoles.isEmpty() && realmRolesGranted.isEmpty() &&
>         resourceRolesGranted.isEmpty() && claimsGranted.isEmpty() &&
>         additionalGrants.isEmpty()) {
>     continue;
> }
Can we consider that we can revoke grants without availableRoles?
Is it a bug or a missing/not supported use-case?
Thx