[keycloak-user] Authz - Problem stacking entitlements
cen
imbacen at gmail.com
Tue Dec 18 04:48:01 EST 2018
Hi
I am trying to stack all permissions from two different confidential
clients via entitlements API.
Steps:
1. Get access token for public client

2. Get entitlements for client 1:

   Authorization: Bearer access_token
   grant_type: urn:ietf:params:oauth:grant-type:uma-ticket
   audience: client1

   Returns RPT with all resources owned by user on client1. Works as expected.

3. Get entitlements for client 2

   Authorization: Bearer access_token
   grant_type: urn:ietf:params:oauth:grant-type:uma-ticket
   audience: client2
   rpt: {{rpt from step 2}}

   Response: forbidden 403

   {
     "error": "access_denied",
     "error_description": "not_authorized"
   }

If I remove rpt parameter I get all permissions for client 2 as
expected. What is the reason for 403? Why would rpt param result in 403,
isn't it supposed to be there just to stack additional permissions?
Must be some additional checks which I am not aware of. What are they?
reference doc:
https://www.keycloak.org/docs/4.6/authorization_services/#_service_obtaining_permissions
Best regards
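
Added example, not part of the original post: a small Python helper that builds the token-endpoint request from steps 2 and 3 and decodes an RPT to list its audience and granted permissions, so the RPT passed in step 3 can be inspected before it is sent. It assumes the parameters go in a form-encoded body and that the RPT carries an authorization.permissions claim with rsid, rsname and scopes; the function names are hypothetical and the sample token is constructed.

```python
import base64
import json
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def build_entitlement_request(access_token, audience, rpt=None):
    """Return (headers, form_body) for the token-endpoint call in steps 2 and 3."""
    form = {"grant_type": UMA_GRANT, "audience": audience}
    if rpt is not None:
        form["rpt"] = rpt  # previously issued RPT, as sent in step 3
    headers = {
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(form)


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize_rpt(rpt):
    """Return (audience, {resource name: sorted scopes}) carried by an RPT."""
    claims = decode_claims(rpt)
    # Assumed claim layout: authorization.permissions[] with rsid/rsname/scopes
    perms = claims.get("authorization", {}).get("permissions", [])
    granted = {p.get("rsname", p.get("rsid")): sorted(p.get("scopes", [])) for p in perms}
    return claims.get("aud"), granted


def _sample_rpt(claims):
    """Constructed, unsigned stand-in for a real RPT (sample data only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


SAMPLE_RPT = _sample_rpt({"aud": "client1", "authorization": {"permissions": [
    {"rsid": "r-1", "rsname": "Resource A", "scopes": ["view", "edit"]}]}})

if __name__ == "__main__":
    headers, body = build_entitlement_request("access_token", "client2", SAMPLE_RPT)
    print(body)
    print(summarize_rpt(SAMPLE_RPT))
```

Comparing the summary of the step 2 RPT with the one returned when rpt is omitted in step 3 shows which audience and resources each token covers.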