From b43909aff105bef402f808b7f7115fc01db19184 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Tue, 2 Sep 2014 12:52:22 +0200 Subject: [PATCH] Doc fix --- docbook/reference/en/en-US/modules/Overview.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docbook/reference/en/en-US/modules/Overview.xml b/docbook/reference/en/en-US/modules/Overview.xml index a6ca411123..d14169e1f8 100755 --- a/docbook/reference/en/en-US/modules/Overview.xml +++ b/docbook/reference/en/en-US/modules/Overview.xml @@ -152,7 +152,7 @@ of roles that an application or oauth client is allowed to ask permission for. Access tokens are always granted at the request of a specific application or oauth client. This also holds true for SSO. As you visit different sites, the application will redirect back to the Keycloak Server via the OAuth 2.0 protocol to obtain an access - token specific to that application. The role mappings contained within the token are the union + token specific to that application. The role mappings contained within the token are the intersection between the set of user role mappings and the permission scope of the application/oauth client. So, access tokens are tailor made for each application/oauth client and contain only the information required for by them.