List:       keycloak-dev
Subject:    [keycloak-dev] Permission for client scopes
From:       pasik () iki ! fi (Pasi Kärkkäinen)
Date:       2018-09-05 14:03:03
Message-ID: 20180905140303.GB18222 () reaktio ! net

On Tue, Sep 04, 2018 at 03:29:20PM +0200, Stian Thorgersen wrote:
> As scopes are often used for permissions in the applications themselves it
> would be useful to have a mechanism to grant a user access to a scope.
> 
> For example if you have the scopes "photos:view" and "photos:edit" you
> would like only users that are permitted to use the photos application to
> be able to get those scopes in the token.
> 
> One simple way of doing this would be to have an optional required role
> associated with a client scope. Then we can simply apply the client scopes
> for which the user has the required role.
>

+1

Something like this is definitely needed and useful in Keycloak.

I guess this is: https://issues.jboss.org/browse/KEYCLOAK-8175


-- Pasi
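
The required-role gate proposed in the quoted message, sketched as an added example that is not part of the original thread and is not Keycloak code. The class ScopeRoleGate, the ClientScope record and the role name "photos-user" are hypothetical; only the default/optional split mirrors how Keycloak already treats client scopes.

```java
import java.util.*;

// Hypothetical model of the proposal; none of these types are Keycloak classes.
public class ScopeRoleGate {

    // requiredRole == null means the scope has no role requirement.
    // isDefault mirrors Keycloak's default vs. optional client scopes.
    record ClientScope(String name, boolean isDefault, String requiredRole) {}

    // Returns the space-separated scope value that would go into the token.
    static String grantedScopes(List<ClientScope> clientScopes,
                                String requestedScopeParam,
                                Set<String> userRoles) {
        Set<String> requested = new HashSet<>();
        if (requestedScopeParam != null && !requestedScopeParam.isBlank()) {
            requested.addAll(Arrays.asList(requestedScopeParam.trim().split("\\s+")));
        }
        List<String> granted = new ArrayList<>();
        for (ClientScope cs : clientScopes) {
            // Optional scopes apply only when the client asked for them.
            boolean candidate = cs.isDefault() || requested.contains(cs.name());
            // The proposed gate: a missing required role drops the scope.
            boolean permitted = cs.requiredRole() == null
                    || userRoles.contains(cs.requiredRole());
            if (candidate && permitted) {
                granted.add(cs.name());
            }
        }
        return String.join(" ", granted);
    }

    public static void main(String[] args) {
        // Constructed sample data; the role name "photos-user" is an assumption.
        List<ClientScope> scopes = List.of(
                new ClientScope("profile", true, null),
                new ClientScope("photos:view", false, "photos-user"),
                new ClientScope("photos:edit", false, "photos-user"));
        String request = "photos:view photos:edit";

        System.out.println(grantedScopes(scopes, request, Set.of("photos-user")));
        System.out.println(grantedScopes(scopes, request, Set.of()));
        // A scope not defined for the client is never granted, whatever the roles.
        System.out.println(grantedScopes(scopes, "admin:all", Set.of("photos-user")));
    }
}
```

In this sketch a scope the user is not permitted to use is dropped from the token rather than failing the request, so the application still has to check the scope value it receives.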

