[keycloak-user] Missing permissions
Julien Deruere
deruere.julien at gmail.com
Fri Jan 18 07:20:16 EST 2019
My goal is to fetch the list of resources on wich I have permissions to. If
I can filter by type that would be even better. Is it possible?
Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva at redhat.com> a écrit :
> Hi,
>
> What if you try to obtain permissions by passing the resource id (instead
> of asking all permissions)? Can you check if it works? I remember some
> limitations when obtaining all permissions due to performance issues. Not
> sure if that is the case.
>
> On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien at gmail.com>
> wrote:
>
>> I'm getting permissions from this request:
>>
>> curl -X POST \
>> http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token
>> \
>> -H "Authorization: Bearer ${access_token}" \
>> --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>> --data "audience={resource_server_client_id}" \ --data
>> "response_mode=permissions"
>>
>> Which give me the good results when I use Keycloak UI to share a resource.
>>
>> Then if I give permission user the Policy API:
>>
>> curl -X POST \
>>
>> http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id}
>> \
>> -H 'Authorization: Bearer '$access_token \
>> -H 'Cache-Control: no-cache' \
>> -H 'Content-Type: application/json' \
>> -d '{
>> "name": "Any people manager",
>> "description": "Allow access to any people manager",
>> "scopes": ["read"],
>> "groups": ["/Managers/People Managers"]
>> }'
>>
>>
>> It works and I can see it in the Keycloak User panel or in the evaluate
>> permission page, but first request does not I mention does not include
>> this
>> permission in the response.
>>
>> Any idea?
>>
> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
More information about the keycloak-user
mailing list