keycloak-scim/release_notes/topics/4_0_0_final.adoc

20 lines
No EOL
1.2 KiB
Text

= Client Scopes and support for OAuth 2 scope parameter
We added support for Client Scopes, which replaces Client Templates. Client Scopes are a more flexible approach and also provides
better support for the OAuth `scope` parameter.
There are changes related to Client Scopes to the consent screen. The list on the consent screen is now linked to client scopes
instead of protocol mappers and roles.
See the documentation and migration guide for more details.
= OAuth 2 Certificate Bound Access Tokens
We now have a partial implementation of the specification
https://tools.ietf.org/html/draft-ietf-oauth-mtls-08[OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens] .
More accurately we have support for the Certificate Bound Access Tokens. If your confidential client is able to use 2-way SSL,
{project_name} will be able to add the hash of the client certificate into the tokens issued for the client. At this moment,
it's just the {project_name} itself, which verifies the token hashes (for example during `refresh token` requests).
We plan to add support to adapters as well. We also plan to add support for Mutual TLS Client Authentication.
Thanks to https://github.com/tnorimat[tnorimat] for the contribution.