terraform-provider-keycloak

Client Scope roles support

Open myardyas opened this issue 2 years ago • 6 comments

Hi, is there a way to support roles in Client Scope settings? I mean: Client Scopes -> [Choose One] -> Tab 'Scope'. There, realm/client roles can be set. Thanks in advance!

myardyas, Oct 20 '21 10:10

That isn't currently supported. I could see this being a new resource, like keycloak_openid_client_scope_role_scope_mappings, although that is a pretty long name. Let me know if you have any suggestions for the name or the API.

mrparkers, Oct 20 '21 14:10

This name keycloak_openid_client_scope_role_scope_mappings sounds good, quite descriptive. Thanks!

myardyas, Oct 21 '21 06:10

I also have demand for this. Is there any plan for implementation? Otherwise I would try to find some time to implement this.

FlxPeters, Nov 14 '21 22:11

I also have a need for that. I would call it keycloak_openid_scope_role_scope_mapper since it can be applied on

  • Client Scopes -> [Choose One] -> Tab 'Scope' -> select a client in 'Client Roles'
  • Clients -> Tab 'Scope' -> select a client in 'Client Roles' (if 'Full Scope Allowed' is 'off')

so, like keycloak_openid_audience_protocol_mapper or other mappers, it is probably better to implement it for both scenarios.

schmocker, Nov 26 '21 15:11

I also have a need for this.

My implementation of Keycloak heavily uses Role -> Client Scope mappings for mapping roles that come from our IdP into scopes.

I also need it in my case when setting up service accounts to map a service account specific client scope from a service account specific client role.

@FlxPeters have you taken a crack at this yet in any capacity?

nickzelei, Jan 03 '22 23:01

Hej, I hope finding a suitable name is the only obstacle. We also need to configure a client scope's scope mapping to roles. Any idea if this is going to be addressed sometime soon?

nielsvonstein-8336, Mar 05 '22 20:03

Isn't this already supported by generic_client_role_mapper? It took me a little while to find it because I was expecting a name like generic_client_scope_mapping.

kherock, Oct 06 '22 18:10
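
The two 'Scope' tab mappings discussed in this thread, sketched with the resource the last comment points to, as an added example that is not part of the original thread or the provider's own code. It assumes the comment means the provider's keycloak_generic_client_role_mapper resource; all realm, client, role and scope names are constructed.

```hcl
# Added example; every name below is constructed for illustration.
resource "keycloak_realm" "example" {
  realm = "example"
}

# Client that owns the role to be mapped.
resource "keycloak_openid_client" "api" {
  realm_id    = keycloak_realm.example.id
  client_id   = "example-api"
  access_type = "BEARER-ONLY"
}

resource "keycloak_role" "api_reader" {
  realm_id  = keycloak_realm.example.id
  client_id = keycloak_openid_client.api.id
  name      = "reader"
}

resource "keycloak_openid_client_scope" "api_read" {
  realm_id = keycloak_realm.example.id
  name     = "api-read"
}

# Case 1: Client Scopes -> api-read -> Tab 'Scope' -> Client Roles
resource "keycloak_generic_client_role_mapper" "scope_reader" {
  realm_id        = keycloak_realm.example.id
  client_scope_id = keycloak_openid_client_scope.api_read.id
  role_id         = keycloak_role.api_reader.id
}

# Case 2: Clients -> example-app -> Tab 'Scope', with 'Full Scope Allowed' off,
# so only explicitly mapped roles can appear in tokens issued to this client.
resource "keycloak_openid_client" "app" {
  realm_id           = keycloak_realm.example.id
  client_id          = "example-app"
  access_type        = "CONFIDENTIAL"
  full_scope_allowed = false
}

resource "keycloak_generic_client_role_mapper" "app_reader" {
  realm_id  = keycloak_realm.example.id
  client_id = keycloak_openid_client.app.id
  role_id   = keycloak_role.api_reader.id
}
```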