[keycloak-user] Authorization Services and UMA 2.0 changes

Corentin Dupont corentin.dupont at gmail.com
Thu Feb 22 15:14:15 EST 2018


Hi Pedro and all,
how is it going with those changes? Any landing date in view?
It looks very promising.

On Mon, Jan 29, 2018 at 3:09 PM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> That sounds great, thanks a lot!
>
> On Mon, Jan 22, 2018 at 2:07 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Hi All,
>>
>> We are about to finish the initial round of changes to make Keycloak
>> Authorization Services compliant with UMA 2.0.
>>
>> One of the main changes is related to a new OAuth2 Grant Type introduced
>> by UMA 2.0 [1] and how it will be used as a replacement for both
>> Entitlement and Authorization API. In UMA 2.0, there is no Authorization
>> API anymore, thus it will be removed in future versions of Keycloak.
>> Regarding Entitlement API, it will also be removed in favor of the new
>> grant type, but in this case we are using some extensions to UMA grant
>> type to provide the same functionality. One of the objectives of this
>> change in particular is to have a single endpoint from where permissions
>> can be obtained.
>>
>> Another important change is also related to UMA, where end-users should
>> now be able to manage their own resources and permissions via Account
>> Management Console. Users would be able to access a "Resource" page from
>> where they can:
>>
>> * See the resources they own
>> * Check for pending permission requests (waiting for the owner's approval),
>> as well as options to grant/deny the request.
>> * Check for all "shared resources" / granted permissions, as well as options
>> to revoke permissions
>> * Select a user they want to grant access to a resource and/or scope
>>
>> Other changes are related to the Policy Enforcer, Authorization Client
>> Java API and configuration. For these areas in particular changes are
>> minimal, especially regarding policy enforcer configuration.
>>
>> These changes are targeted to Keycloak v4 and we'll be updating docs
>> accordingly, especially on how to migrate to the new version.
>>
>> Regards.
>> Pedro Igor
>>
>> [1] https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-09.html