Keycloak - KEYCLOAK-10731

Change role policies to not only rely on the roles within the token

Description

As a user, I want to avoid defining claims in tokens to carry the roles granted to a user while still being able to use role policies.

Currently, role policies rely on the roles within the token representing the subject, which is kind of redundant given that applications using authorization services rely on resource-based access control and don't really need to have access to the roles granted to a user.

This is also related to one of the main benefits of using authorization services, which is reducing the token size by using tokens where only the permissions (regardless of other claims, groups or roles) are important to get access to protected resources.

People

• Assignee: pcraveiro Pedro Igor Silva
• Reporter: pcraveiro Pedro Igor Silva