keycloak-scim/docs/documentation/server_admin/topics/clients/proc-evaluating-client-scopes.adoc

22 lines
1.3 KiB
Text
Raw Normal View History

[id="proc_evaluating_client_scopes_{context}"]
[role="_abstract"]
2020-11-11 16:00:15 +00:00
The *Mappers* tab contains the protocol mappers and the *Scope* tab contains the role scope mappings declared for this client. They do not contain the mappers and scope mappings inherited from client scopes. It is possible to see the effective protocol mappers (that is the protocol mappers defined on the client itself as well as inherited from the linked client scopes) and the effective role scope mappings used when generating a token for a client.
.Procedure
2020-11-11 16:00:15 +00:00
. Click the *Client Scopes* tab for the client.
. Open the sub-tab *Evaluate*.
. Select the optional client scopes that you want to apply.
2020-11-11 16:00:15 +00:00
This will also show you the value of the *scope* parameter. This parameter needs to be sent from the application to the {project_name} OpenID Connect authorization endpoint.
.Evaluating client scopes
image:images/client-scopes-evaluate.png[]
[NOTE]
====
To send a custom value for a *scope* parameter from your application, see the *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, for javascript adapters.
====
All examples are generated for the particular user and issued for the particular client, with the specified value of the *scope* parameter. The examples include all of the claims and role mappings used.