creating roles during client registration

[Vlasta Ramik]

Hello,

recently I've been working on KEYCLOAK-18311. The issue is about unability to create roles using client-registration-api after KEYCLOAK-14846. KEYCLOAK-14846 changed a way how the default roles are handled inside keycloak (instead of storing default roles within each realm and client it's stored as composite role of realm role default-role-${realmName})

Some users used to use ClientRepresentation.defaultRoles for creating client roles, which seems to be a bit misusage of default roles concept.

I've sent PR [1] with fix which adds back the possibility to use ClientRepresentation.defaultRoles for creating the roles during client registration.

But maybe we can use a different approach and add new filed into ClientRepresentation which will be used only for client-registration-api (not for import or admin console) which seems a bit cleaner? The fallback to default roles would need to be added for backwards compatibility.

Or maybe something else would be better?

[1] https://github.com/keycloak/keycloak/pull/8254

[Jurrie Overgoor]

Hello,

I was wondering if there ever was an update on this? The PR has a comment saying discussion should take place on this list. But I failed to find that discussion 😀

I briefly checked Keycloak 16.1.1, and the situation seems to be unchanged. Am I correct in this?

With kind regards,

Jurrie