<div dir="ltr">I would go for a separate file, keycloak-authz.js. It can then be included by only those that need it and also documented separately.</div><div class="gmail_extra"><br><div class="gmail_quote">On 21 June 2016 at 21:59, Pedro Igor Silva <span dir="ltr"><<a href="mailto:psilva@redhat.com" target="_blank">psilva@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Would like to make available a JS adapter for authorization. It's purpose is to make life easier for those using JS when interacting with an resource server which resources are being protected by a policy enforcer.<br>
<br>
The idea is that you can use the adapter for some very common scenarios. For instance, suppose you are using AngularJS and you want to handle 403 from the resource server so you can obtain a RPT with the necessary permissions to retry the<br>
request:<br>
<br>
var Authorization = new KeycloakAuthorization();<br>
<br>
// our adapters return a WWW-Authenticate header with the necessary information to build an authorization request to a Keycloak Server<br>
Authorization.authorize(response.headers('WWW-Authenticate')).then(function (rpt) {<br>
// onGrant callback function. If granted you'll get a RPT which you can use as bearer token to get access to protected resources<br>
}, function () {<br>
// onDeny callback function<br>
}, function () {<br>
// onError callback function<br>
});<br>
<br>
The above code is particular useful because the JS adapter will automatically identify how the resource server is being protected (if using UMA or our entitlements protocol) and act accordingly.<br>
<br>
Or you can just obtain the entitlements using our Entitlements API:<br>
<br>
authorization.entitlement('my-resource-server-id').then(function (rpt) {<br>
// onGrant callback function. If granted you'll get a RPT which you can use as bearer token to get access to protected resources<br>
})<br>
<br>
In the future, I would like to introduce more methods such as:<br>
<br>
if (authorization.hasPermission('Main Page', 'Action 1')) {<br>
// do something if current user has permissions to click a button on a page<br>
}<br>
<br>
Should I put that stuff into keycloak.js or provide it separately ?<br>
<br>
Regards.<br>
Pedro Igor<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote></div><br></div>