This commit is contained in:
Stian Thorgersen 2014-09-02 12:52:22 +02:00
parent d905ce12e3
commit b43909aff1

View file

@ -152,7 +152,7 @@
of roles that an application or oauth client is allowed to ask permission for. Access tokens are always of roles that an application or oauth client is allowed to ask permission for. Access tokens are always
granted at the request of a specific application or oauth client. This also holds true for SSO. As you visit granted at the request of a specific application or oauth client. This also holds true for SSO. As you visit
different sites, the application will redirect back to the Keycloak Server via the OAuth 2.0 protocol to obtain an access different sites, the application will redirect back to the Keycloak Server via the OAuth 2.0 protocol to obtain an access
token specific to that application. The role mappings contained within the token are the union token specific to that application. The role mappings contained within the token are the intersection
between the set of user role mappings and the permission scope of the application/oauth client. So, between the set of user role mappings and the permission scope of the application/oauth client. So,
access tokens are tailor made for each application/oauth client and contain only the information required access tokens are tailor made for each application/oauth client and contain only the information required
for by them. for by them.