[keycloak-user] UMA Share Resource with a User via AuthZ Client

Christian Sandmeier Christian.Sandmeier at vivai.de
Fri Jan 11 05:55:03 EST 2019


Hi all,

As soon as I add concrete resources to the AuthorizationRequest, it works.

So in step 3 I added:

AuthorizationRequest request = new AuthorizationRequest();
request.addPermission("resource id x");
request.addPermission("resource id y");

Then the permissions for these resources are shown in the RPT.

Best regards,

Christian
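
As an added example (not Christian's code and not Keycloak's own), the four steps from the original mail combined with the explicit permission request from this reply, plus the introspection check a resource server should run before honouring an RPT. It assumes a keycloak.json on the classpath with the resource server's client credentials, the users "demo" and "test" with those passwords, and the method names of the Keycloak Java authz client as used in the thread; call registerAndShare(), obtainRpt() and rptGrants() in that order.

```java
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.AuthorizationResponse;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.TokenIntrospectionResponse;
import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;

public class UmaShareExample {
    // Assumed: keycloak.json on the classpath holding the resource server's client credentials.
    private static final AuthzClient AUTHZ = AuthzClient.create();

    // Owner "demo" registers "Resource A" and shares scope "Scope A" with user "test".
    static ResourceRepresentation registerAndShare() {
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("Resource A");
        resource.setOwnerManagedAccess(true);
        resource.setOwner("demo");
        resource.addScope("Scope A");
        resource = AUTHZ.protection().resource().create(resource);

        UmaPermissionRepresentation share = new UmaPermissionRepresentation();
        share.setName("User-Managed Permission");
        share.addScope("Scope A");
        share.addUser("test");
        // Created with the owner's credentials so the policy is attached on the owner's behalf.
        AUTHZ.protection("demo", "demo").policy(resource.getId()).create(share);
        return resource;
    }

    // Requests an RPT for user "test" naming the resource and scope explicitly (the fix from the thread).
    static String obtainRpt(String resourceId, String scope) {
        AuthorizationRequest request = new AuthorizationRequest();
        request.addPermission(resourceId, scope);
        AuthorizationResponse response = AUTHZ.authorization("test", "test").authorize(request);
        return response.getToken();
    }

    // Resource-server check before serving a request: introspect the RPT and verify it is
    // active and actually carries the expected resource and scope, instead of trusting it as-is.
    static boolean rptGrants(String rpt, String resourceId, String scope) {
        TokenIntrospectionResponse intro = AUTHZ.protection().introspectRequestingPartyToken(rpt);
        if (!Boolean.TRUE.equals(intro.getActive()) || intro.getPermissions() == null) return false;
        for (Permission p : intro.getPermissions()) {
            if (resourceId.equals(p.getResourceId()) && p.getScopes() != null
                    && p.getScopes().contains(scope)) return true;
        }
        return false;
    }
}
```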

On 08.01.2019 at 17:57, Christian Sandmeier <Christian.Sandmeier at vivai.de> wrote:

Hi All,

first of all, thanks for the great work. I have been using Keycloak in a
project for a couple of months now and really like it.

I started to try out the UMA 2.0 flow because it would be very nice to be able to share a resource with other users.

Given the following four steps, I don't understand why the permissions are not in the RPT token.

// Code for Steps 1 and 2 taken from here
// https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
// Code for Steps 3 and 4 taken from here
// https://www.keycloak.org/docs/latest/authorization_services/index.html#obtaining-user-entitlements


1) Creating a resource "Resource A" with owner "demo"

ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Resource A");
resource.setOwnerManagedAccess(true);
resource.setOwner("demo");
resource.addScope("Scope A");

resource = getAuthzClient().protection().resource().create(resource);


2) Creating the user permission for user "test"
UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();

newPermission.setName("User-Managed Permission");
newPermission.setDescription("User is allowed to access");
newPermission.addScope("Scope A");
newPermission.addUser("test");

ProtectionResource protection = getAuthzClient().protection("demo", "demo");
UmaPermissionRepresentation permission = protection.policy(resource.getId()).create(newPermission);


3) Getting an RPT for the user "test" for all resources

AuthzClient authzClient = AuthzClient.create();
AuthorizationRequest request = new AuthorizationRequest();
AuthorizationResponse response = authzClient.authorization("test", "test").authorize(request);
String rpt = response.getToken();


4) Listing the permissions
TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
System.out.println("Token status is: " + requestingPartyToken.getActive());
System.out.println("Permissions granted by the server: ");

for (Permission granted : requestingPartyToken.getPermissions()) {
  System.out.println(granted);
}


The resource and permission are saved correctly; I can read them correctly via the AuthZ client,
but now I would assume that the permission is in the RPT of the user "test".

Is this assumption maybe already incorrect and I got a bit lost? Or is there probably a
problem in my code, because the permission should be listed there?
Btw. if I skip step 2) and instead share the resource with the user in the "Keycloak -> My Account -> My Resources" page, it works. But not
with the UmaPermissionRepresentation.

Thank you in advance

Best regards,

Christian Sandmeier
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user