[keycloak-user] Authorization Services and UMA 2.0 changes

Corentin Dupont corentin.dupont at gmail.com
Mon Jan 29 09:09:58 EST 2018


That sounds great, thanks a lot!

On Mon, Jan 22, 2018 at 2:07 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> Hi All,
>
> We are about to finish the initial round of changes to make Keycloak
> Authorization Services compliant with UMA 2.0.
>
> One of the main changes is related to a new OAuth2 Grant Type introduced
> by UMA 2.0 [1] and how it will be used as a replacement for both
> Entitlement and Authorization API. In UMA 2.0, there is no Authorization
> API anymore, thus it will be removed in future versions of Keycloak.
> Regarding Entitlement API, it will also be removed in favor of the new
> grant type, but in this case we are using some extensions to UMA grant type
> to provide the same functionality. One of the objectives of this change in
> particular is to have a single endpoint from where permissions can be
> obtained.
>
> Another important change is also related to UMA, where end-users should
> now be able to manage their own resources and permissions via the Account
> Management Console. Users would be able to access a "Resource" page from
> where they can:
>
> * See the resources they own
> * Check for pending permission requests (waiting for the owner's approval).
> As well as options to grant/deny the request.
> * Check for all "shared resources" / granted permissions. As well as options
> to revoke permissions
> * Select a user they want to grant access to a resource and/or scope
>
> Other changes are related to the Policy Enforcer, Authorization Client
> Java API and configuration. For these areas in particular, changes are
> minimal, especially regarding policy enforcer configuration.
>
> These changes are targeted to Keycloak v4 and we'll be updating docs
> accordingly, especially on how to migrate to the new version.
>
> Regards.
> Pedro Igor
>
> [1] https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-09.html

