[keycloak-user] Missing permissions

Pedro Igor Silva psilva at redhat.com
Fri Jan 18 08:44:25 EST 2019 

Ok, Geoffrey. You won :) That should be delivered as soon as we start
developing new features earlier this year.

On Fri, Jan 18, 2019 at 10:39 AM Geoffrey Cleaves <geoff at opticks.io> wrote:

> Vote for my feature request! ;)
> https://issues.jboss.org/browse/KEYCLOAK-8915
>
> On Fri, 18 Jan 2019 at 13:26, Julien Deruere <deruere.julien at gmail.com>
> wrote:
>
>> My goal is to fetch the list of resources on wich I have permissions to.
>> If
>> I can filter by type that would be even better. Is it possible?
>>
>> Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva at redhat.com> a
>> écrit :
>>
>> > Hi,
>> >
>> > What if you try to obtain permissions by passing the resource id
>> (instead
>> > of asking all permissions)? Can you check if it works? I remember some
>> > limitations when obtaining all permissions due to performance issues.
>> Not
>> > sure if that is the case.
>> >
>> > On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <
>> deruere.julien at gmail.com>
>> > wrote:
>> >
>> >> I'm getting permissions from this request:
>> >>
>> >> curl -X POST \
>> >>   http://
>> ${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token
>> >> \
>> >>   -H "Authorization: Bearer ${access_token}" \
>> >>   --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>> >>   --data "audience={resource_server_client_id}" \  --data
>> >> "response_mode=permissions"
>> >>
>> >> Which give me the good results when I use Keycloak UI to share a
>> resource.
>> >>
>> >> Then if I give permission user the Policy API:
>> >>
>> >> curl -X POST \
>> >>
>> >>
>> http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id}
>> >> \
>> >>   -H 'Authorization: Bearer '$access_token \
>> >>   -H 'Cache-Control: no-cache' \
>> >>   -H 'Content-Type: application/json' \
>> >>   -d '{
>> >>         "name": "Any people manager",
>> >>         "description": "Allow access to any people manager",
>> >>         "scopes": ["read"],
>> >>         "groups": ["/Managers/People Managers"]
>> >> }'
>> >>
>> >>
>> >> It works and I can see it in the Keycloak User panel or in the evaluate
>> >> permission page, but first request does not I mention does not include
>> >> this
>> >> permission in the response.
>> >>
>> >> Any idea?
>> >>
>> > _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
>
> Regards,
> Geoffrey Cleaves
>
>
>
>
>
>

More information about the keycloak-user mailing list