[keycloak-user] Missing permissions

Julien Deruere deruere.julien at gmail.com
Thu Jan 17 15:35:59 EST 2019


I'm getting permissions from this request:

curl -X POST \
  http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
  -H "Authorization: Bearer ${access_token}" \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "audience={resource_server_client_id}" \
  --data "response_mode=permissions"

Which gives me the good results when I use Keycloak UI to share a resource.

Then if I give permission using the Policy API:

curl -X POST \
  http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id} \
  -H 'Authorization: Bearer '$access_token \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{
        "name": "Any people manager",
        "description": "Allow access to any people manager",
        "scopes": ["read"],
        "groups": ["/Managers/People Managers"]
}'


It works and I can see it in the Keycloak User panel or in the evaluate
permission page, but the first request I mentioned does not include this
permission in the response.

Any idea?

