Getting a client scope when user has a specific role

Hello everyone,

Given the following setup:

  • A client “foo” (access type public, Direct Access Grants Enabled)
  • A client scope “some:user” (Optional Client Scope for client “foo”)
  • A user with the realm role “foo-admin”

When the user is requesting an access token with the “foo” client we want the client scope “some:user” to be assigned based on his realm role “foo-admin”. Users without the role should not be able to get that client scope.

I followed the instructions on this blog post and assigned the role “foo-admin” on the scope tab of the client scope.

As far as I can tell it does what I want, but to be honest the tooltip sounds like a completely different topic, as I did not create a user role mapping in advance or something like that. Tooltip: “Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client.”

Is this configuration correct? Can somebody clarify what that scope mapping does?

Thanks in advance
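One way to check that the configuration above behaves as intended, as an added example that is not part of the original post: build the Direct Access Grant request for client “foo” that explicitly asks for the optional scope “some:user”, then inspect the returned access token and confirm that “some:user” appears in its `scope` claim exactly when `realm_access.roles` contains “foo-admin”. The token endpoint URL and the sample tokens are constructed for offline use; the payload decoder does not verify signatures, so use it only on tokens you just received from the server over TLS.

```python
import base64
import json
import urllib.parse

# Constructed values matching the post (hypothetical realm and host).
TOKEN_URL = "https://keycloak.example.test/realms/myrealm/protocol/openid-connect/token"
CLIENT_ID = "foo"
OPTIONAL_SCOPE = "some:user"
REQUIRED_ROLE = "foo-admin"


def token_request_body(username, password):
    """Form body for a Direct Access Grant (password grant) on the public client.
    An Optional Client Scope is only considered when requested via 'scope'."""
    return urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "username": username,
        "password": password,
        "scope": f"openid {OPTIONAL_SCOPE}",
    })


def decode_payload(jwt):
    """Decode the JWT payload WITHOUT signature verification (inspection only)."""
    part = jwt.split(".")[1]
    part += "=" * (-len(part) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(part))


def scope_matches_role(payload):
    """True when 'some:user' is granted if and only if the user holds 'foo-admin'."""
    roles = payload.get("realm_access", {}).get("roles", [])
    scopes = payload.get("scope", "").split()
    return (REQUIRED_ROLE in roles) == (OPTIONAL_SCOPE in scopes)


def _fake_jwt(payload):
    """Constructed unsigned token so the check can run offline (empty signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."


# Constructed sample tokens: admin gets the scope, plain user does not,
# and a token that hands the scope to a non-admin would fail the check.
ADMIN_TOKEN = _fake_jwt({"preferred_username": "alice", "scope": "openid some:user",
                         "realm_access": {"roles": ["foo-admin", "offline_access"]}})
PLAIN_TOKEN = _fake_jwt({"preferred_username": "bob", "scope": "openid",
                         "realm_access": {"roles": ["offline_access"]}})
LEAKED_TOKEN = _fake_jwt({"preferred_username": "bob", "scope": "openid some:user",
                          "realm_access": {"roles": ["offline_access"]}})
```

Against a live realm, POST `token_request_body(...)` to `TOKEN_URL` once with a “foo-admin” user and once without, and run `scope_matches_role(decode_payload(token["access_token"]))` on each response.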