[keycloak-user] Keycloak AuthZ Client - Link resource/scope to policy/permission via API

[FREIMUELLER Christian]

Thanks, Pedro for the information - that helped me a lot. 

I will try to achieve this with the Admin Client API - I think you are referring to the clients CRUD API, aren't you?

When is the improvement on the client API and REST API planned? -> the mentioned ticket below is currently without a proposed fix version...

Kind regards,
Christian

-----Original Message-----
From: Pedro Igor Craveiro e Silva [mailto:psilva at redhat.com] 
Sent: 18 October 2016 16:34
To: FREIMUELLER Christian; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak AuthZ Client - Link resource/scope to policy/permission via API

Hi Christian.

Currently we don't support that, but we have KEYCLOAK-3135 [1] which I
think is related with what you are looking for.

Actually, you can already do that via Keycloak Admin Client API, but we
would like to come up with a better Client API and REST API for that.

Our roadmap includes not only URI protection, but also other uses cases
supported by UMA.

[1] https://issues.jboss.org/browse/KEYCLOAK-3135

On Tue, 2016-10-18 at 14:11 +0000, FREIMUELLER Christian wrote:
> Dear all,
> 
> I've a question regarding the authZ client.
> 
> Is there a way to connect the resources created with the client with
> policies/permissions via the API, or is there only the HMI (Admin
> Console) to make this connection?
> 
> The thing is we would like to use Keycloak for defining the access
> rights on thousands of resources (objects like database entries,
> files) and it would be very cumbersome to do this by hand for each
> single resource.
> 
> Or is this authorization service meant to be used in another way
> (protecting URI for applications) only?
> 
> Best regards,
> Christian
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-- 
Pedro Igor