I would go for a separate file, keycloak-authz.js. It can then be included
by only those that need it and also documented separately.
On 21 June 2016 at 21:59, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Would like to make available a JS adapter for authorization. It's
purpose
is to make life easier for those using JS when interacting with an resource
server which resources are being protected by a policy enforcer.
The idea is that you can use the adapter for some very common scenarios.
For instance, suppose you are using AngularJS and you want to handle 403
from the resource server so you can obtain a RPT with the necessary
permissions to retry the
request:
var Authorization = new KeycloakAuthorization();
// our adapters return a WWW-Authenticate header with the necessary
information to build an authorization request to a Keycloak Server
Authorization.authorize(response.headers('WWW-Authenticate')).then(function
(rpt) {
// onGrant callback function. If granted you'll get a RPT which
you can use as bearer token to get access to protected resources
}, function () {
// onDeny callback function
}, function () {
// onError callback function
});
The above code is particular useful because the JS adapter will
automatically identify how the resource server is being protected (if using
UMA or our entitlements protocol) and act accordingly.
Or you can just obtain the entitlements using our Entitlements API:
authorization.entitlement('my-resource-server-id').then(function (rpt)
{
// onGrant callback function. If granted you'll get a RPT which
you can use as bearer token to get access to protected resources
})
In the future, I would like to introduce more methods such as:
if (authorization.hasPermission('Main Page', 'Action 1')) {
// do something if current user has permissions to click a button
on a page
}
Should I put that stuff into keycloak.js or provide it separately ?
Regards.
Pedro Igor
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev