[keycloak-user] Missing permissions

Pedro Igor Silva psilva at redhat.com
Fri Jan 18 08:53:14 EST 2019


Did it work when passing the resource id?

On Fri, Jan 18, 2019 at 10:20 AM Julien Deruere <deruere.julien at gmail.com>
wrote:

> My goal is to fetch the list of resources on which I have permissions.
> If I can filter by type that would be even better. Is it possible?
>
> On Fri, Jan 18, 2019 at 05:37, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Hi,
>>
>> What if you try to obtain permissions by passing the resource id (instead
>> of asking for all permissions)? Can you check if it works? I remember some
>> limitations when obtaining all permissions due to performance issues. Not
>> sure if that is the case.
>>
>> On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien at gmail.com>
>> wrote:
>>
>>> I'm getting permissions from this request:
>>>
>>> curl -X POST \
>>>   http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
>>>   -H "Authorization: Bearer ${access_token}" \
>>>   --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>>>   --data "audience={resource_server_client_id}" \
>>>   --data "response_mode=permissions"
>>>
>>> Which gives me the good results when I use Keycloak UI to share a
>>> resource.
>>>
>>> Then if I give permission using the Policy API:
>>>
>>> curl -X POST \
>>>   http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id} \
>>>   -H 'Authorization: Bearer '$access_token \
>>>   -H 'Cache-Control: no-cache' \
>>>   -H 'Content-Type: application/json' \
>>>   -d '{
>>>         "name": "Any people manager",
>>>         "description": "Allow access to any people manager",
>>>         "scopes": ["read"],
>>>         "groups": ["/Managers/People Managers"]
>>> }'
>>>
>>>
>>> It works and I can see it in the Keycloak User panel or in the evaluate
>>> permission page, but the first request I mentioned does not include this
>>> permission in the response.
>>>
>>> Any idea?
>>>
>>
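The check suggested in this thread (ask for the permission on one resource id instead of all permissions), as an added example that is not part of the original messages: it builds the same UMA-ticket request with Keycloak's `permission` parameter and looks a resource up in the `response_mode=permissions` array. The function names, resource ids and sample response are constructed, and treating HTTP 403 as "no permission" is an assumption.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def build_form(audience, resource_id=None, scope=None):
    """Form body for the token endpoint; no resource_id asks for all permissions."""
    fields = [
        ("grant_type", UMA_GRANT),
        ("audience", audience),
        ("response_mode", "permissions"),
    ]
    if resource_id is not None:
        # Keycloak's `permission` parameter has the form RESOURCE_ID[#SCOPE].
        value = resource_id + ("#" + scope if scope else "")
        fields.append(("permission", value))
    return urllib.parse.urlencode(fields)


def fetch_permissions(token_url, access_token, form):
    """POST the form as the user; a denied request (assumed HTTP 403) yields []."""
    req = urllib.request.Request(
        token_url,
        data=form.encode(),
        headers={"Authorization": "Bearer " + access_token},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            return []
        raise


def granted_scopes(permissions, resource_id):
    """Scopes granted on resource_id in a response_mode=permissions array, or None."""
    for entry in permissions:
        if entry.get("rsid") == resource_id:
            return set(entry.get("scopes", []))
    return None


# Constructed sample: an "all permissions" response that lacks the shared resource.
SAMPLE_ALL = [{"rsid": "res-album-1", "rsname": "Album 1", "scopes": ["read"]}]
```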

