[keycloak-user] Policy API endpoint lacks crucial information (in my opinion ; )

Geoffrey Cleaves geoff at opticks.io
Mon Nov 19 06:59:00 EST 2018


Hi. When querying the
http://${host}:${port}/auth/realms/${realm}/authz/protection/uma-policy
endpoint I get a response similar to this:

[
    {
        "id": "6d5ffed7-5f1c-4b43-b2a8-986528aaee92",
        "name": "b189864a-754e-4b5d-9c5b-f36fd9aad102",
        "type": "uma",
        "scopes": [
            "campaign:view"
        ],
        "logic": "POSITIVE",
        "decisionStrategy": "UNANIMOUS",
        "owner": "45cb05ba-5485-459e-9cfc-25128adb1854",
        "users": [
            "user at domain.com"
        ]
    }
]

The problem here is that we don't know what resource this policy applies
to. As far as I know, there is no way to extract that information. Please
let me know if I am missing something.

I tried inspecting the network calls that the Admin Console does when
listing a user's UMA policies, but unfortunately for me the information
seems to be rendered server side instead of using the UMA REST API.

The goal is to recreate and enhance the Keycloak-supplied UMA My Resources
functionality.

