Johannes Bergmann
Johannes Bergmann
I like the idea of accepting a token with dedicated hono specific claims: ``` { "iss": "https://home-appliances.org/", "sub": "Peter Piper's refrigerator", "tenant": "PETERS_TENANT", "device": "4711" } ``` It is probably...
@sophokles73 the colon is also fine. I don't think there is a general rule. Sometimes URIs are used as namespace to avoid collision of token claims, but if you want...
On Keycloak 18.0.2 I just observed that the response of [Retrieving external IDP tokens](https://www.keycloak.org/docs/latest/server_development/#retrieving-external-idp-tokens) is not as expected. `GET /realms/{realm}/broker/{provider_alias}/token` returns the IdP ID token under JSON key "access_token" and...
@edewit I think it's ok to have the inherited roles initially hidden. It's just important to provide at least a way to drill down to the effective roles. At least...
@edewit indeed it's an improvement that a client doesn't need to be selected upfront. However an admin needs a view which shows the effective roles of a user. The only...
It would be really good to have tab "Mappers" and there all mappers listed which are applied, including their source client scope where they are managed. This would give a...
Hi @xianli123 and @Captain-P-Goldfish, I think it would be ok to remove dedicated client mapper and role scope configuration, so that a mappers and roles scope are always configured as...
That's true, a client scope could be named _myClient-client-scope_ but it doesn't prevent that the scope is used by other clients. But isn't a naming convention enough to signalize that...
Could be two steps towards a fully editable profile: 1. Display all readable attributes read-only. (This doesn't need custom input elements controlled by attribute annotation.) Have an edit button which...
Like @marsbear and the orginal author of the issue, I think that a client should get multiple different refresh tokens, while each of the tokens can not be reused, but...