Description
Keycloak needs to be extended in order to be able to hide client scopes from discovery (OpenID Provider Metadata).
We propose to add a ClientScopeAttributeEntity with the name hideFromOpenIDProviderMetadata (label = Hide from OpenID Provider Metadata) with a default value of false. If this value becomes true, this scope will not be listed in OpenID Provider Metadata.
Finally, with this implementation no change is needed during migration.
Discussion
No response
Motivation
According to https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata:
The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used, although those defined in OpenID.Core SHOULD be listed, if supported.
Details
No response
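A model of the proposed behaviour, added here as an illustration; it is not Keycloak code and is not part of the original issue. Only the attribute name comes from the proposal. The dict layout for client scopes, the function names and the sample scopes are assumptions.

```python
# Added illustration: models the proposed attribute outside Keycloak.
HIDE_ATTR = "hideFromOpenIDProviderMetadata"  # name taken from the proposal

# Scope values defined in OpenID Connect Core; the Discovery spec says
# these SHOULD be listed in the metadata if supported.
OIDC_CORE_SCOPES = {"openid", "profile", "email", "address", "phone",
                    "offline_access"}


def is_hidden(scope):
    """Hidden only when the attribute is explicitly true.

    A missing attribute is treated as false, which is why scopes created
    before the feature existed need no migration step.
    """
    attributes = scope.get("attributes") or {}
    return str(attributes.get(HIDE_ATTR, "false")).strip().lower() == "true"


def build_scopes_supported(client_scopes):
    """Return (scopes_supported, warnings) for the discovery document."""
    advertised, warnings = [], []
    for scope in client_scopes:
        name = scope["name"]
        if not is_hidden(scope):
            advertised.append(name)
        elif name in OIDC_CORE_SCOPES:
            # Allowed by the spec (MAY hide), but flagged for the admin.
            warnings.append(f"{name}: defined in OpenID.Core, SHOULD be listed")
    return advertised, warnings


# Constructed sample data (hypothetical scopes, assumed dict layout).
SAMPLE_CLIENT_SCOPES = [
    {"name": "openid", "attributes": {}},
    {"name": "profile"},  # attribute absent, so it stays advertised
    {"name": "email", "attributes": {HIDE_ATTR: "true"}},
    {"name": "internal-admin", "attributes": {HIDE_ATTR: "true"}},
    {"name": "reports", "attributes": {HIDE_ATTR: "false"}},
]

if __name__ == "__main__":
    supported, notes = build_scopes_supported(SAMPLE_CLIENT_SCOPES)
    print({"scopes_supported": supported})
    for note in notes:
        print("warning:", note)
```

Hiding a scope only removes its name from the advertised list. Per the spec text quoted above the scope remains supported, so the attribute is not an access control.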