Open
Description
Describe the bug
Hi,
I am trying to add an optional client scope to a client. However, this fails with an error that the scope is already present on this client. If I do not add the default optional clients, the default optional clients are lost.
Error: validation error: scope offline_access is already attached to client as an optional scope
Both manifests lead to the same error message. I do not know how to add a client scope without losing the default ones. This seems like unexpected behavior to me.
Thanks for your feedback
Version
26
Expected behavior
Being able to add an optional client scope to existing ones.
Actual behavior
You need to specify only the new client scope; if you also set preassigned ones, the manifest fails.
How to Reproduce?
I tried
resource "keycloak_realm_optional_client_scopes" "default_optional_mqtt_client_scope" {
  realm_id        = data.keycloak_realm.mqtt_realm.id
  optional_scopes = concat(tolist(data.keycloak_realm.mqtt_realm.default_optional_client_scopes), [
    keycloak_openid_client_scope.mqtt.name
  ])
}

and

resource "keycloak_realm_optional_client_scopes" "default_optional_mqtt_client_scope" {
  realm_id        = data.keycloak_realm.mqtt_realm.id
  optional_scopes = ["address", "microprofile-jwt", "offline_access", "phone",
    keycloak_openid_client_scope.mqtt.name
  ]
}
Anything else?
No response