16 lines
1.1 KiB
Text
16 lines
1.1 KiB
Text
|
= Javascript engine available by default on the classpath
|
||
|
|
||
|
In the previous version, when Keycloak was used on Java 17 with Javascript providers (Script authenticator, Javascript authorization policy or Script protocol mappers for OIDC and SAML clients),
|
||
|
it was needed to copy javascript engine to the distribution. This is no longer needed as Nashorn javascript engine is available in Keycloak server by default. When you deploy script providers,
|
||
|
it is recommended to not copy the nashorn script engine and it's dependencies into the Keycloak distribution.
|
||
|
|
||
|
= Change of the default Client ID mapper of Service Account Client
|
||
|
|
||
|
Default `Client ID` mapper of `Service Account Client` has been changed. `Token Claim Name` field value has been changed from `clientId` to `client_id`.
|
||
|
`client_id` claim is compliant with OAuth2 specifications:
|
||
|
|
||
|
- https://datatracker.ietf.org/doc/html/rfc9068#section-2.2[JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens]
|
||
|
- https://www.rfc-editor.org/rfc/rfc7662#section-2.2[OAuth 2.0 Token Introspection]
|
||
|
- https://datatracker.ietf.org/doc/html/rfc8693#section-4.3[OAuth 2.0 Token Exchange]
|
||
|
|
||
|
`clientId` userSession note still exists.
|