Re: [keycloak-dev] Can a master list of roles be retrieved?
I don't know why you'd want to sync with any master list, but you could.
The Keycloak Admin REST interface is itself an application with roles
assign to it. Each application is itself a User. So you'd just assign
a Admin API role and the application could query for anything it wanted
(based on its permissions).
Most applications will inheritantly know which roles they require. Role
mappings are contained within the token they receive from the
auth-server. They idea is that security-wise, applications become
stateless. This is especially important for REST services that aim to
be completely stateless.
On 12/8/2013 4:44 PM, Matt Casperson wrote:
If I wanted my client application's UI to be able to authorise
roles to
perform certain actions, could I query a KeyCloak server for the master
list?
An example might be listing all the roles so I could select those that
should be able to edit a particular record. So rather than manually
syncing a list of roles between my application and KeyCloak, I would
query the KeyCloak server for the current list of roles to ensure that I
always have an accurate list.
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
<https://www.redhat.com/wapps/training/certification/verify.html?certNumbe...
Engineering Content Services
Brisbane, Australia
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com