Re: [keycloak-user] Missing permissions
Vote for my feature request! ;)
https://issues.jboss.org/browse/KEYCLOAK-8915
On Fri, 18 Jan 2019 at 13:26, Julien Deruere <deruere.julien(a)gmail.com>
wrote:
My goal is to fetch the list of resources on wich I have permissions
to. If
I can filter by type that would be even better. Is it possible?
Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva(a)redhat.com> a écrit
:
> Hi,
>
> What if you try to obtain permissions by passing the resource id (instead
> of asking all permissions)? Can you check if it works? I remember some
> limitations when obtaining all permissions due to performance issues. Not
> sure if that is the case.
>
> On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien(a)gmail.com
>
> wrote:
>
>> I'm getting permissions from this request:
>>
>> curl -X POST \
>> http://
${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token
>> \
>> -H "Authorization: Bearer ${access_token}" \
>> --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>> --data "audience={resource_server_client_id}" \ --data
>> "response_mode=permissions"
>>
>> Which give me the good results when I use Keycloak UI to share a
resource.
>>
>> Then if I give permission user the Policy API:
>>
>> curl -X POST \
>>
>>
http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{res...
>> \
>> -H 'Authorization: Bearer '$access_token \
>> -H 'Cache-Control: no-cache' \
>> -H 'Content-Type: application/json' \
>> -d '{
>> "name": "Any people manager",
>> "description": "Allow access to any people
manager",
>> "scopes": ["read"],
>> "groups": ["/Managers/People Managers"]
>> }'
>>
>>
>> It works and I can see it in the Keycloak User panel or in the evaluate
>> permission page, but first request does not I mention does not include
>> this
>> permission in the response.
>>
>> Any idea?
>>
> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Regards,
Geoffrey Cleaves