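Generates a new client scope for the specified service client. "Frontend" clients that use this client scope will be able to send their access tokens to authenticate against the specified service client. In the listing below, the generated scope receives an audience protocol mapper for the service client and a scope mapping for every role of that client, so assigning this scope to a frontend client also widens the set of service-client roles its tokens may include.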
140 logger.debugf(
"Generating audience scope for service client: " + clientId);
142 String clientScopeName = clientId;
144 ClientModel serviceClient =
realm.getClientByClientId(clientId);
145 if (serviceClient == null) {
146 logger.warnf(
"Referenced service client '%s' doesn't exists", clientId);
147 return ErrorResponse.exists(
"Referenced service client doesn't exists");
150 ClientScopeModel clientScopeModel =
realm.addClientScope(clientScopeName);
151 clientScopeModel.setDescription(
"Client scope useful for frontend clients, which want to call service " + clientId);
152 clientScopeModel.setProtocol(serviceClient.getProtocol()==null ? OIDCLoginProtocol.LOGIN_PROTOCOL : serviceClient.getProtocol());
153 clientScopeModel.setDisplayOnConsentScreen(
true);
155 String consentText = serviceClient.getName() != null ? serviceClient.getName() : serviceClient.getClientId();
156 consentText = consentText.substring(0, 1).toUpperCase() + consentText.substring(1);
157 clientScopeModel.setConsentScreenText(consentText);
160 ProtocolMapperModel audienceMapper = AudienceProtocolMapper.createClaimMapper(
"Audience for " + clientId, clientId, null,
true,
false);
161 clientScopeModel.addProtocolMapper(audienceMapper);
164 for (RoleModel role : serviceClient.getRoles()) {
165 clientScopeModel.addScopeMapping(role);
170 return Response.created(
session.getContext().getUri().getAbsolutePathBuilder().path(clientScopeModel.getId()).build()).build();
171 }
catch (ModelDuplicateException e) {
172 return ErrorResponse.exists(
"Client Scope " + clientScopeName +
" already exists");
ClientPermissionEvaluator clients()
void requireManageClientScopes()
KeycloakSession session
Definition: ClientScopesResource.java:67
AdminEventBuilder adminEvent
Definition: ClientScopesResource.java:64
AdminEventBuilder operation(OperationType operationType)
Definition: AdminEventBuilder.java:113
static final Logger logger
Definition: ClientScopesResource.java:61
RealmModel realm
Definition: ClientScopesResource.java:62
AdminEventBuilder resourcePath(String... pathElements)
Definition: AdminEventBuilder.java:171
AdminPermissionEvaluator auth
Definition: ClientScopesResource.java:63