Stian Thorgersen
commit
c7ba6159b5
1 changed files with 1 additions and 1 deletions
|
|
@ -152,7 +152,7 @@
|
|||
of roles that an application or oauth client is allowed to ask permission for. Access tokens are always
|
||||
granted at the request of a specific application or oauth client. This also holds true for SSO. As you visit
|
||||
different sites, the application will redirect back to the Keycloak Server via the OAuth 2.0 protocol to obtain an access
|
||||
token specific to that application. The role mappings contained within the token are the union
|
||||
token specific to that application. The role mappings contained within the token are the intersection
|
||||
between the set of user role mappings and the permission scope of the application/oauth client. So,
|
||||
access tokens are tailor made for each application/oauth client and contain only the information required
|
||||
for by them.
|
||||
|
|
|
|||
Loading…
Reference in a new issue