[keycloak-user] [UMA] Submitting Permission Request
Pedro Igor Silva
psilva at redhat.com
Mon Nov 18 08:47:45 EST 2019
Hi,
>From a frontend perspective, you get a PT after trying to access a UMA
protected resource for the first time (when lacking the required
permissions). You should be able to obtain it through the WWW-Authenticate
header as described here
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_uma_authorization_process
.
But you should also be able to obtain permissions for a resource owner by
just invoking the token endpoint directly as described here
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions,
as long as the access token you pass (as a bearer, for instance) is
representing the owner as the subject.
On Fri, Nov 15, 2019 at 4:33 PM <sesnor.silva at sapo.pt> wrote:
> Hello,
>
> I'm trying to implement a frontend interface for requesting
> permissions to resource owners, however I'm having trouble
> understanding what a "permission_ticket" is.
>
> According to the documentation
> (
> https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_aat),
> a permission request requires a "ticket=${permission_ticket}" parameter.
> How do I obtain this ticket? Can I build it
> myself?
>
> The previous section states: "The resource server sends a response
> back to the client with a permission ticket and a as_uri parameter
> with the location of a Keycloak server to where the ticket should be
> sent in order to obtain an RPT." But I'm not sure how I make my
> API/Resource Server do this.
>
> Can I request access to a resource owner through any another method?
>
> Thank you,
> Silva
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list