You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the "view-clients" role an user should be able to inspect an entire client.
The credentials tab however is currently only available with the "manage-clients" role.
Version
19.0.1
Expected behavior
An user with the "view-clients" role can insepect the client credentials.
Actual behavior
An user with the "view-clients" role is not presented with the credentials tab.
How to Reproduce?
Create a new Client and enable "client authentication".
Create new user in the admin realm, assign the "view-clients" role, login and check for the client from step 1.
In its description the pull request even specifies that no "manage-clients" role should be necessary.
To see the Clients section the user should have "view-clients" and "query-clients" roles.
To see the Permissions tab, the user also needs "manage-authorization" role.
To see Keys and Credentials tabs, the client needs to have Client authentication enabled.
The text was updated successfully, but these errors were encountered:
Hello !
We use fine-grained auth functionnaliy, but the #19449 didn't really fix the issue for us.
For some explainations, we use fine grain to provide access in read only access for specifics clients. On the realm-management client, we only add the query-clients role for a specific user group.
And on clients permissions tab, for our specifics clients, we add view permission for the policy linked to the user group.
It's pretty the same issue but for fine-grained client permissions.
arthur25000
pushed a commit
to arthur25000/keycloak
that referenced
this issue
May 4, 2023
Describe the bug
With the "view-clients" role an user should be able to inspect an entire client.
The credentials tab however is currently only available with the "manage-clients" role.
Version
19.0.1
Expected behavior
An user with the "view-clients" role can insepect the client credentials.
Actual behavior
An user with the "view-clients" role is not presented with the credentials tab.
How to Reproduce?
Anything else?
The Bug came with the changes from #2702.
In its description the pull request even specifies that no "manage-clients" role should be necessary.
The text was updated successfully, but these errors were encountered: