KEYCLOAK-5006

Remove roles, protocolMappers, timestamp from AuthenticatedClientSessionModel

    Details

      Description

      The protocolMappers and roles need to be removed from AuthenticatedClientSessionModel. They are currently there because of:

      • Scope parameter: there might be different roles and protocolMappers based on the scope parameter used.
      • Consent: we want to ensure that the same roles+protocolMappers approved on the consent screen are used in the clientSession, and not any others.

      There might be an issue here, because right now we have just a single AuthenticatedClientSessionModel per client+userSession. So we rather need to move roles+protocolMappers into the code JWT and the refreshToken JWT, which will ensure that multiple clientSessions of the same userSession may have different roles+protocolMappers according to scope etc.

      There are other things which likely should be removed from AuthenticatedClientSessionModel: at least the timestamp, and possibly some other things. Eventually we need to double-check whether it's possible to remove AuthenticatedClientSessionModel entirely and have the userSession contain just a list of client UUIDs.
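      The following is an added illustrative model of the proposal above, not Keycloak code and not the project's actual token format: the userSession holds only client ids, while roles (and a timestamp) are carried in a signed refresh token per client. The client ids, the role-per-scope configuration and the claim names used are constructed for the example. It shows two clientSessions of the same userSession ending up with different roles according to their scope, the consent check rejecting roles the user never approved, and a refresh reading roles from the verified token rather than from a shared client session.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real server would load its signing key from a keystore.
SIGNING_KEY = b"constructed-demo-hmac-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Minimal HS256 JWT: header.payload.signature, each base64url-encoded."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str) -> dict:
    """Check the HMAC before trusting any claim; a tampered token is rejected."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("invalid token signature")
    return json.loads(_unb64url(payload))


# Constructed client configuration (hypothetical ids): roles every login gets,
# plus roles granted only when the client asks for a particular scope.
CLIENTS = {
    "client-a": {"default_roles": ["user"], "scope_roles": {"admin-scope": ["admin"]}},
    "client-b": {"default_roles": ["user"], "scope_roles": {"billing": ["billing-viewer"]}},
}

# The user session as the issue proposes it: just the ids of the clients that
# logged in through it, with no per-client roles, protocolMappers or timestamp.
USER_SESSION = {"id": "us-1", "clients": ["client-a", "client-b"]}


def roles_for_request(client_id: str, scope: str) -> list:
    """Roles depend on the scope parameter, so two clients in one user session differ."""
    cfg = CLIENTS[client_id]
    roles = set(cfg["default_roles"])
    for requested in scope.split():
        roles.update(cfg["scope_roles"].get(requested, []))
    return sorted(roles)


def issue_refresh_token(user_session: dict, client_id: str, scope: str,
                        consented_roles: list) -> str:
    """Bind roles to the token instead of to the client session.

    The consent check enforces the second bullet of the issue: the token may only
    carry roles the user actually approved on the consent screen.
    """
    if client_id not in user_session["clients"]:
        raise PermissionError(f"{client_id} is not part of user session {user_session['id']}")
    roles = roles_for_request(client_id, scope)
    not_consented = set(roles) - set(consented_roles)
    if not_consented:
        raise PermissionError(f"roles not approved on consent screen: {sorted(not_consented)}")
    return sign_jwt({
        "sid": user_session["id"],
        "azp": client_id,
        "scope": scope,
        "roles": roles,
        "iat": int(time.time()),  # the timestamp travels with the token as well
    })


def roles_on_refresh(user_session: dict, refresh_token: str) -> list:
    """Roles used on refresh come from the verified token, not from a shared model."""
    claims = verify_jwt(refresh_token)
    if claims["sid"] != user_session["id"] or claims["azp"] not in user_session["clients"]:
        raise PermissionError("token does not belong to this user session")
    return claims["roles"]


if __name__ == "__main__":
    tok_a = issue_refresh_token(USER_SESSION, "client-a", "openid admin-scope", ["user", "admin"])
    tok_b = issue_refresh_token(USER_SESSION, "client-b", "openid billing", ["user", "billing-viewer"])
    print("client-a roles:", roles_on_refresh(USER_SESSION, tok_a))
    print("client-b roles:", roles_on_refresh(USER_SESSION, tok_b))
```

      Because the roles live in the signed token, the single AuthenticatedClientSessionModel per client+userSession no longer has to hold a value that may differ between logins with different scopes; the signature check is what keeps a client from editing its own roles in the token it presents on refresh.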

                People

                • Assignee:
                  mposolda Marek Posolda
                  Reporter:
                  mposolda Marek Posolda
                • Votes:
                  0
                  Watchers:
                  3
