[keycloak-user] Authorization Services and UMA 2.0 changes

Pedro Igor Silva psilva at redhat.com
Thu Feb 22 17:45:42 EST 2018


PR is being reviewed. It should be merged very soon.

On Thu, Feb 22, 2018 at 5:14 PM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi Pedro and all,
> how is it going with those changes? Any landing date in view?
> It looks very promising.
>
> On Mon, Jan 29, 2018 at 3:09 PM, Corentin Dupont <corentin.dupont at gmail.com> wrote:
>
>> That sounds great, thanks a lot!
>>
>> On Mon, Jan 22, 2018 at 2:07 PM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are about to finish the initial round of changes to make Keycloak
>>> Authorization Services compliant with UMA 2.0.
>>>
>>> One of the main changes is related to a new OAuth2 Grant Type introduced
>>> by UMA 2.0 [1] and how it will be used as a replacement for both
>>> Entitlement and Authorization API. In UMA 2.0, there is no Authorization
>>> API anymore, thus it will be removed in future versions of Keycloak.
>>> Regarding Entitlement API, it will also be removed in favor of the new
>>> grant type, but in this case we are using some extensions to the UMA grant
>>> type to provide the same functionality. One of the objectives of this
>>> change in particular is to have a single endpoint from where permissions
>>> can be obtained.
>>>
>>> Another important change is also related to UMA, where end-users should
>>> now be able to manage their own resources and permissions via the Account
>>> Management Console. Users would be able to access a "Resource" page from
>>> where they can:
>>>
>>> * See the resources they own
>>> * Check for pending permission requests (waiting for the owner's
>>>   approval). As well as options to grant/deny the request.
>>> * Check for all "shared resources" / granted permissions. As well as
>>>   options to revoke permissions
>>> * Select a user they want to grant access to a resource and/or scope
>>>
>>> Other changes are related to the Policy Enforcer, Authorization Client
>>> Java API and configuration. For these areas in particular, changes are
>>> minimal, especially regarding policy enforcer configuration.
>>>
>>> These changes are targeted to Keycloak v4 and we'll be updating docs
>>> accordingly, especially on how to migrate to the new version.
>>>
>>> Regards.
>>> Pedro Igor
>>>
>>> [1] https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-09.html
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>

