-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add mention of basic scope handling to migration guide #1073
Labels
Comments
thomasdarimont
added a commit
to thomasdarimont/keycloak-project-example
that referenced
this issue
Jun 26, 2024
thomasdarimont
added a commit
to thomasdarimont/keycloak-project-example
that referenced
this issue
Jun 26, 2024
Hi @thomasdarimont, I guess it is also necessary to define the basic-scope:
|
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Statement
With the introduction of the dedicated "basic" scope in Keycloak, existing realm configurations with custom clients might now produce access tokens that don't contain the
sub
claim anymore. This is because the newbasic
scope that emits those claims might be removed by an explicitdefaultClientScopes
configuration.The Keycloak 25 migration documentation documents that the
basic
scope is automatically added to existing clients during realm migration, however some client configurations with adefaultClientScopes
configuration might lack thebasic
scope configuration. In that case keycloak-config-cli will remove thebasic
scope again.Proposed Solution
Add a short note to the migration guide about the need to add the
basic
scope explicitly when a client configuration usesdefaultClientScopes
.A workaround is to configure the
basic
scope explicitly viadefaultClientScopes
Environment
Additional information
I think this is actually a regression in Keycloak, but some folks might blame keycloak-config-cli here.
Example of a previously working client definition, which will produce access tokens with the
sub
claim:Working client configuration:
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: