Reply inline.
I want to confirm if Keycloak requests the resource server to get the
resource or not.
On 12/28/16 07:17, Pedro Igor wrote:
>
> On 12/26/2016 7:29:14 AM, Avinash Kundaliya <avinash(a)avinash.com.np>
> wrote:
>
> I have been going through the photoz example and I am curious how does
> the Drools application know the resource owner [1] or get details about
> the resource in general?
*Pedro Igor:* The rule used with the Drools policy is basically using
the Policy Evaluation API [1], which provides access not only to the
resource but also the identity (built based on the access token sent
along the authorization request), the permission being evaluated
(resource + scope) and a few contextual attributes.
[1]
https://keycloak.gitbooks.io/authorization-services-guide/content/topics/...
*Avinash:* Ok, so does this mean that Keycloak requests the resource
server to get the resource, that is then passed to the evaluation API
along with the identity and contextual attributes?
> Can this be done with a JavaScript-based policy?
*Pedro Igor:* Yes, both policy types allow you to use ABAC and all
attributes available through the Policy Evaluation API to write your
policies. You can even mix ABAC with RBAC, if you also need to check
roles granted to the identity asking for access.
>
>
> Is there a post/description about how the photoz example works and how
> information flows in this example? I am trying to understand via the
> code as of now; the Readme is a good introduction of what it does, but
> not enough to understand what's really happening.
*Pedro Igor:* No, but we can update docs to include such info.
*Avinash:* That would be nice! I would also like to help as I move along
and understand what's really happening. This is apparently a more
complicated topic than I initially thought it to be.
>
>
> I am having a hard time understanding how to set up Keycloak
> authorization and am also missing documentation/explanation on how to do
> things. If there's a resource that someone could refer to, that would be
> great.
*Pedro Igor:* What about the documentation [2]? I think it is going
to be useful to understand some key concepts. Feel free to open issues
to our doc if you find something is not clear.
[2]
https://keycloak.gitbooks.io/authorization-services-guide/content/topics/...
>
>
> [1]
> https://github.com/keycloak/keycloak/blob/master/examples/authz/photoz/ph...
>
>
> Regards,
> Avinash
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
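
The owner check and the ABAC-plus-RBAC mix discussed in this thread, written as a JavaScript policy body. This is an added example, not part of the original emails or the photoz code: `makeEvaluation` is a constructed stand-in for the object Keycloak passes to a policy as `$evaluation`, and the role name `admin` and the user ids are assumptions.

```javascript
// Constructed mock of the Policy Evaluation API objects, so the policy
// body below can be exercised outside a Keycloak server.
function makeEvaluation({ userId, realmRoles, ownerId }) {
  const result = { effect: null };
  const identity = {
    getId: () => userId,
    getAttributes: () => ({
      hasRealmRole: (role) => realmRoles.includes(role),
    }),
  };
  const resource = ownerId === null ? null : { getOwner: () => ownerId };
  return {
    getContext: () => ({ getIdentity: () => identity }),
    getPermission: () => ({ getResource: () => resource }),
    grant: () => { result.effect = 'PERMIT'; },
    deny: () => { result.effect = 'DENY'; },
    result,
  };
}

// Policy body: in a JavaScript policy only the statements inside this
// function would be entered, with $evaluation supplied by the server.
function ownerOrAdminPolicy($evaluation) {
  var identity = $evaluation.getContext().getIdentity();
  var resource = $evaluation.getPermission().getResource();

  // ABAC: compare the resource's owner with the identity built from the token.
  // A scope-only permission carries no resource, so guard against null.
  if (resource !== null && resource.getOwner() === identity.getId()) {
    $evaluation.grant();
    return;
  }
  // RBAC: fall back to a realm role granted to the identity ('admin' is assumed).
  if (identity.getAttributes().hasRealmRole('admin')) {
    $evaluation.grant();
  }
  // No grant() call: the decision stays a denial.
}

// Helper for trying the policy; the mock treats "no grant()" as DENY.
function decide(input) {
  const evaluation = makeEvaluation(input);
  ownerOrAdminPolicy(evaluation);
  return evaluation.result.effect || 'DENY';
}
```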