[keycloak-user] Entitlement request with additional parameters
Corentin Dupont
corentin.dupont at gmail.com
Wed Apr 11 11:22:03 EDT 2018
Thanks for the info.
So if I understand, I need to upgrade to UMA endpoint when it will be
available.
Cheers
On Tue, Apr 10, 2018 at 2:20 PM, Pedro Igor Silva <psilva at redhat.com> wrote:
> Hi Corentin,
>
> We are adding support for "pushed claims". That is the main task I'm
> working with right now.
>
> If you want to track the changes being made and provide any feedback,
> please watch https://issues.jboss.org/browse/KEYCLOAK-4903. So far, I
> have enabled pushing claims when using UMA and permission tickets. As you
> might know, with the introduction of UMA 2.0 there is no specific endpoint
> for entitlements anymore. Now permissions are evaluated using the token
> endpoint. Next step is enable "pushed claims" to non-UMA requests (without
> permission tickets, just like the old entitlement api).
>
> On Tue, Apr 10, 2018 at 8:09 AM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi guys,
>> I use the entitlement API to check access control on my resources. Here I
>> check if a user can update a sensor:
>>
>> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer
>> $TOKEN" -d '{
>> "permissions" : [
>> {
>> "resource_set_name" : "Sensors",
>> "scopes" : [
>> "sensors:update"
>> ]
>> }
>> ]
>> }' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>
>>
>> But I would like to make complex policies that check additional
>> parameters,
>> such as sensor status etc.
>> How can I pass along the additional parameters to the request, and use
>> them
>> in my policies? I use javascript policies mainly.
>>
>> Thanks
>> Corentin
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list