Support for Scope configuration on realm level is incomplete

[thomasdarimont]

In PR #464 we introduced support for the configuration of client scopes on realm level.

As it turned out this was not complete and needs to be reworked.

• clientScopes need to be provided as a list of ClientScopeRepresentation

Custom scopes are created during realmImport via RepresentationToModel#realmImport

[blajoie55]

It's been almost 3 years and this feature still doesn't work (despite the feature being in the documentation for the keycloak_realm resource) and this issue is still open. We have hit this same problem now at my company. Is there going to be any movement on this?

[nicolas-urbantz]

We also have the same problem and had to make an additional API call. Is it planned to be fixed?

Thanks

[TBeijen]

It might be worth considering moving the attribute realm.default_default_client_scopes to a separate resource. Similar to how it is handled on a per-client basis via keycloak_openid_client_default_scopes

It's easy to hit chicken-egg dependency problems in the current setup:

• Adding a new client scope requires realm to exist
• Then how to add a non-built-in client scope to the default_default_client_scopes list that is part of the realm definition?

[pboehm]

@thomasdarimont @TBeijen I have implemented the management of default and optional client scopes on a realm level via dedicated resources in this PR #1079