Patrik Stas

Reputation: 2082

Understanding Keycloak's default client scope "web-origins"

By default, Keycloak clients are assigned, among other client scopes, the scope "web-origins". Apparently, this takes the value of the "Web Origins" setting from the respective client's "Access settings" and inserts it into issued access tokens as an "allowed-origins" claim, such as `'allowed-origins': [ 'http://localhost:3401' ]`.

Can you help me understand how this is meant to be used? Who is supposed to assert the values in this claim, and how?

I can't find documentation about this. I only found a mailing list discussion about removing it (https://groups.google.com/g/keycloak-user/c/3PpyfPta81I), but that's about it.

Is this claim perhaps specific to using the access token to call Keycloak's own APIs? If so, can I freely remove it when the issued tokens are used ONLY to access my own resource server?

Thank you.

Upvotes: 0

Views: 23
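One way a resource server could consume this claim, as an added example that is not from the question or from Keycloak's own adapters: treat `allowed-origins` as the set of browser origins for which a CORS response may be returned, and compare it with the request's `Origin` header after the token signature has already been verified. The sample token, the helper names and this interpretation of the claim are assumptions.

```python
import base64
import json
from typing import Optional
from urllib.parse import urlsplit


def decode_jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT.

    Signature verification is assumed to have happened already (e.g. with a
    JWKS-based library); this helper only reads claims from a verified token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def normalize_origin(origin: str) -> str:
    """Reduce an origin to lowercase scheme://host[:port], dropping default ports."""
    u = urlsplit(origin)
    if not u.scheme or not u.hostname:
        raise ValueError(f"malformed origin: {origin!r}")
    default = {"http": 80, "https": 443}.get(u.scheme)
    port = "" if u.port in (None, default) else f":{u.port}"
    return f"{u.scheme}://{u.hostname}{port}"


def origin_allowed(claims: dict, request_origin: Optional[str]) -> bool:
    """Decide whether the request's Origin may receive a CORS response.

    Requests without an Origin header are not cross-origin and pass through;
    a bare "*" entry in the claim allows every origin.
    """
    if request_origin is None:
        return True
    allowed = claims.get("allowed-origins", [])
    if "*" in allowed:
        return True
    try:
        wanted = normalize_origin(request_origin)
    except ValueError:
        return False
    return any(_safe_normalize(a) == wanted for a in allowed)


def _safe_normalize(origin: str) -> Optional[str]:
    """Like normalize_origin, but a malformed claim entry simply never matches."""
    try:
        return normalize_origin(origin)
    except ValueError:
        return None


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample token (unsigned placeholder signature, for illustration only).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "user-1", "allowed-origins": ["http://localhost:3401"]}),
    "signature-placeholder",
])
```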

Answers (0)
