[keycloak-dev] Authorization JS adapter, where should I put it ?

Pedro Igor Silva psilva at redhat.com
Tue Jun 21 15:59:08 EDT 2016


I would like to make available a JS adapter for authorization. Its purpose is to make life easier for those using JS when interacting with a resource server whose resources are being protected by a policy enforcer.

The idea is that you can use the adapter for some very common scenarios. For instance, suppose you are using AngularJS and you want to handle 403 from the resource server so you can obtain an RPT with the necessary permissions to retry the request:

    var authorization = new KeycloakAuthorization();

    // our adapters return a WWW-Authenticate header with the necessary information to build an authorization request to a Keycloak Server
    authorization.authorize(response.headers('WWW-Authenticate')).then(function (rpt) {
        // onGrant callback function. If granted you'll get an RPT which you can use as bearer token to get access to protected resources
    }, function () {
        // onDeny callback function
    }, function () {
        // onError callback function
    });

The above code is particularly useful because the JS adapter will automatically identify how the resource server is being protected (if using UMA or our entitlements protocol) and act accordingly.

Or you can just obtain the entitlements using our Entitlements API:

    authorization.entitlement('my-resource-server-id').then(function (rpt) {
        // onGrant callback function. If granted you'll get an RPT which you can use as bearer token to get access to protected resources
    });

In the future, I would like to introduce more methods such as:

    if (authorization.hasPermission('Main Page', 'Action 1')) {
        // do something if current user has permissions to click a button on a page
    }

Should I put that stuff into keycloak.js or provide it separately?

Regards.
Pedro Igor
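
The 403-then-retry flow described in the message, as an added example that is not part of the original post or of Keycloak's adapter code. `withRptRetry`, `send`, `authorize`, the lowercase header key and the constructed server with its `rpt-123` token are assumptions made for illustration.

```javascript
// send(req) -> Promise<{status, headers, body}> and authorize(challenge) -> Promise<rpt>
// are hypothetical injected functions; header names are assumed to be lowercase keys.
function withRptRetry(send, authorize) {
  let rpt = null; // cached RPT, reused on later requests
  function withBearer(req) {
    if (!rpt) return req;
    // Copy, so the caller's request object is never mutated.
    const headers = Object.assign({}, req.headers, { Authorization: 'Bearer ' + rpt });
    return Object.assign({}, req, { headers: headers });
  }
  return function request(req) {
    return send(withBearer(req)).then(function (res) {
      const challenge = res.headers && res.headers['www-authenticate'];
      // Only a 403 that carries a challenge justifies an authorization round trip.
      if (res.status !== 403 || !challenge) return res;
      return authorize(challenge).then(function (newRpt) {
        rpt = newRpt;
        // Retry exactly once; a second 403 goes back to the caller (no loop).
        return send(withBearer(req));
      }, function () {
        rpt = null; // denied or failed: forget any stale RPT
        return res; // surface the original 403
      });
    });
  };
}

// Constructed resource server: 403 plus a challenge unless the expected RPT is sent.
function fakeServer(log) {
  return function (req) {
    const auth = (req.headers || {}).Authorization || 'none';
    log.push(auth);
    return Promise.resolve(auth === 'Bearer rpt-123'
      ? { status: 200, headers: {}, body: 'ok' }
      : { status: 403, headers: { 'www-authenticate': 'constructed-challenge' }, body: '' });
  };
}

function demo() {
  const log = [];
  let grants = 0;
  const granted = withRptRetry(fakeServer(log), function () { grants++; return Promise.resolve('rpt-123'); });
  const denied = withRptRetry(fakeServer([]), function () { return Promise.reject(new Error('deny')); });
  return Promise.all([granted({ url: '/a' }), denied({ url: '/a' })]).then(function (r) {
    return granted({ url: '/b' }).then(function (second) {
      return { first: r[0].status, denied: r[1].status, second: second.status, log: log, grants: grants };
    });
  });
}
```

Create one wrapper per resource server, so that a cached RPT is only ever attached to requests for the server that issued the challenge.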

