[keycloak-user] [Authorization] Get user roles from token

Wed Dec 16 10:45:16 EST 2015

oh when you said:

use-resource-role-mappings

it is only available through the keycloak.json

Nothing from Keycloak Admin UI allows you to set the options, so have the installation file ready with everything ?

Regards,

Johan Bos

Le 16/12/2015 16:33, Johan Bos a écrit :
> So it is one or the other.
> The switch is at realm level or per clients?
>
> As I tend to make realm role for securing the clients only and 
> client/resource roles for internal client management, I should be fine
>
> Still It would help to have some merging/mapping so from client we 
> don't have to so much rely on KeyCloak implementation to test roles... 
> Issue is that realm role can have same name as client role. But once 
> there is always some pitfall to avoid.
>
> Thanks
>
> Regards,
>
> Johan Bos
>
> Le 16/12/2015 15:45, Bill Burke a écrit :
>> See use-resource-role-mappings switch:
>>
>> If set to true, the getResourceAccess("resource-name") roles will be
>> mapped into isUserInRole, otherwise getRealmAccess is mapped into
>> isUserInRole
>>
>> Not the best I know.  We've been meaning to add some sort of role
>> mapping facility to the adapter.
>>
>> On 12/16/2015 9:17 AM, Johan Bos wrote:
>>> Why is HttpRequest.isUserInRole(<role>) not capable to return true when
>>> the role is present in the AccessToken.getRealmAccess?
>>>
>>> Regards,
>>>
>>> Johan Bos
>>>
>>> Le 16/12/2015 15:09, Bill Burke a écrit :
>>>> AccessToken.getResourceAccess or AccessToken.getRealmAccess
>>>>
>>>> On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
>>>>> Its not clear to me how you get the assigned roles from the 
>>>>> AccessToken.
>>>>> For instance, is the realm has configured the user to have roles 
>>>>> "user"
>>>>> and "editor" how do I find these in the AccessToken?
>>>>>
>>>>> Tim
>>>>>
>>>>> On 07/12/2015 02:53, Bill Burke wrote:
>>>>>> For Java HttpServletRequest.isUserInRole() works.  If you 
>>>>>> typecast the
>>>>>> principal to KeycloakPrincipal you can obtain the AccessToken.
>>>>>>
>>>>>> On 12/6/2015 5:39 PM, Pavel Maslov wrote:
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>>
>>>>>>> Do Keycloak adapters support user authorization? I mean, of course
>>>>>>> they
>>>>>>> do :) For example, the API I have secured with Keycloak receives a
>>>>>>> Keycloak access token from the client. How can I validate the token
>>>>>>> (check user roles) in my code? I am interested in the Java
>>>>>>> (wildfly) and
>>>>>>> Javascript adapters.
>>>>>>>
>>>>>>> Manually I am using jwt.io <http://jwt.io> to check the token. I am
>>>>>>> just
>>>>>>> curious if the Keycloak adapters support smth similar out of the 
>>>>>>> box.
>>>>>>>
>>>>>>> Thank you for your answers.
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Pavel Maslov, MS
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151216/268c1214/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: johan_bos.vcf
Type: text/x-vcard
Size: 335 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20151216/268c1214/attachment.vcf 