Created question in FIWARE Q/A platform on 29-03-2017 at 22:03
Please, ANSWER this question AT https://stackoverflow.com/questions/43103151/how-does-roles-work-in-keyrock
Question:
How do roles work in Keyrock?
Description:
I want to know how role-based authorization works in FIWARE Keyrock. I have tested a scenario where user A registers an application appA in Keyrock. User B, who is not on the authorized list for application appA, can request a token for another application (appB, for example) and successfully access appA with the token obtained from appB.
Another test performed was to include user A in the authorized list for appA, but with a role that has no permissions. Again, user A gets access to appA with credentials from another application.
Can anyone explain to me how this works, if it really works?