Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-1959

Role "offline_access" is effective only when explicitly added to user

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.6.0.Final
    • Component/s: None
    • Labels:
      None

      Description

      Scenario:

      • Two realm roles: "user" and "admin" are defined by the application
      • Realm "admin" is composed of "user"
      • Realm "user" is composed of "offline_access"
      • User "jdoe" is "user" in the realm

      When trying to request an offline token for "jdoe", an error occurs (not_allowed), even though "offline_access" appears as part of the "effective roles" on the UI. Adding "offline_access" explicitly as a realm role for "jdoe" makes it work as expected.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                mposolda Marek Posolda
                Reporter:
                juraci.costa Juraci Paixão Kröhling
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: