Hi Pedro,
Thank you for your reply.
Sadly I'm still having trouble understanding how this "ticket" is
generated. Is this something that you have to generate on the
backend/resource server manually? I.E. Do I generate this ticket every
time there's a HTTP 401 error? If so, what are the rules for
generating it? How will keycloak know that is ticket is legitimate how
does it know which resource it's pointing to?
Thank you and best regards,
Silva
Citando Pedro Igor Silva <psilva(a)redhat.com>:
Hi,
From a frontend perspective, you get a PT after trying to access a
UMA protected resource for the first time (when lacking the required
permissions). You should be able to obtain it through the
WWW-Authenticate header as described
here https://www.keycloak.org/docs/latest/authorization_services/index.ht....
But you should also be able to obtain permissions for a resource
owner by just invoking the token endpoint directly as described
here https://www.keycloak.org/docs/latest/authorization_services/index.ht...,
as long as the access token you pass (as a bearer, for instance) is representing the owner
as the
subject.
On Fri, Nov 15, 2019 at 4:33 PM <sesnor.silva(a)sapo.pt> wrote:
> Hello,
>
> I'm trying to implement a frontend interface for requesting
> permissions to resource owners, however I'm having trouble
> understanding what a "permission_ticket" is.
>
> According to the documentation
>
(
https://www.keycloak.org/docs/latest/authorization_services/#_service_aut...),
a permission request requires a "ticket=${permission_ticket}" parameter. How do
I obtain this ticket? Can I build
> it
> myself?
>
> The previous section states: "The resource server sends a response
> back to the client with a permission ticket and a as_uri parameter
> with the location of a Keycloak server to where the ticket should be
> sent in order to obtain an RPT." But I'm not sure how I make my
> API/Resource Server do this.
>
> Can I request access to a resource owner through any another method?
>
> Thank you,
> Silva
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>