Pedro Igor
Pedro Igor
I can squash before merging.
@mabartos Somes tests are failing. I'm not 100% sure what might be causing but I suspect it is related to how re-augmentation is happening after your changes. Or how the...
@nickzelei When exchanging the token you are actually issuing the token to the client making the token exchange so that this client can access some protected resource from the target...
@NeoVG It does not make sense to exchange a token from a confidential client for a public client.
Thanks for the discussion. If there is anything else to discuss, feel free to re-open.
@keliwath Yeah, the resource-owner password grant should be avoided and it is removed from the latest versions of the OAuth2 spec. Could you elaborate more about your use case and...
Allowing public clients to exchange tokens opens security holes and that is the reason behind the last updates we did in this area. Conceptually, it is also wrong because a...
@albert0815 First of all, sorry for the delay. You're right about the #1 assumption. However, this only happens if the path you are configuring does not point a existent resource...
@Alexander72 We miss a `PATCH` method in our endpoints. That should ideally be the case for updating attributes as you are doing. I agree we should try to align with...
@Alexander72 Thanks, we appreciate your contribution. It should be a matter of checking if attributes should be removed when updating existing attributes. Something like that https://github.com/pedroigor/keycloak/tree/tmp-up. Does it work for...