[prev in list] [next in list] [prev in thread] [next in thread]
List: keycloak-dev
Subject: [keycloak-dev] Permission for client scopes
From: pasik () iki ! fi (Pasi =?iso-8859-1?Q?K=E4rkk=E4inen?=)
Date: 2018-09-05 14:03:03
Message-ID: 20180905140303.GB18222 () reaktio ! net
[Download RAW message or body]
On Tue, Sep 04, 2018 at 03:29:20PM +0200, Stian Thorgersen wrote:
> As scopes are often used for permissions in the applications themselves it
> would be useful to have a mechanism to grant a user access to a scope.
>
> For example if you have the scopes "photos:view" and "photos:edit" you
> would like only users that are permitted to use the photos application to
> be able to get those scopes in the token.
>
> One simple way of doing this would be to have a optional required role
> associated with a client scope. Then we can simply apply the client scopes
> for which the user has the required role.
>
+1
Something like this is definitely needed and useful in Keycloak.
I guess this is: https://issues.jboss.org/browse/KEYCLOAK-8175
-- Pasi
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic