KEYCLOAK-4156 (Keycloak)

Bearer-only clients can't have service accounts and credentials

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: 4.8.3.Final
    • Fix Version/s: None
    • Component/s: Authorization Services
    • Labels:
      None
    • Release Notes Text:
      Bearer-only clients may need service account to exchange (downgrade) tokens. Also, the other issues expressed in this JIRA belong in other jiras.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      A bearer-only client should not be able to obtain tokens on behalf of users through authorization grant flow and/or direct grant, but they should be able to obtain tokens on behalf of themselves through the client credentials grant and they should also be able to use authorization services. They should also be able to invoke the token introspection endpoint.

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  stianst Stian Thorgersen
                • Votes:
                  15
                  Watchers:
                  18