[keycloak-dev] How to share a resource with a user via UMA 2.0 API

Federico Michele Facca federico.facca at martel-innovate.com
Fri May 11 07:30:48 EDT 2018

We are looking into integrating keycloak UMA 2.0 APIs in our platform to
allow users to share resources, ask access to resources, approve sharing,
exactly how it is possible via the Keycloak Account UI.
It looks like the Account UI is currently using directly keycloak java APIs
to do so.

Looking at the current REST API implementation it seems not possible that:
1. A owner shares directly a resource (without the user requesting that).
2. Lists the permissions related to resources of an owner, including also
the information on who requested that.

In our understanding, to obtain 2. we should some how retrieve the
Requester from the TicketStore and attach the information to the response
(but this would "break" the UMA standard, as anyhow parameters as
"returnNames=true" do, so maybe when the request is using "returnNames=true"
we could attach as well the requester name and it).

For 1, we have no clear ideas, if not adding "requester" as well in the
ticket creation.

Any hint would be highly appreciated, so that we can work up some
implementation to provide both features.


*Head of Martel Lab*
0041 78 807 58 38
*Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
support for innovation projects
Click to download our innovators' insights!
Follow Us on Twitter <https://twitter.com/Martel_Innovate>

More information about the keycloak-dev mailing list