Permissions created through the UMA flow are not supposed to be managed via
the uma-policy endpoint, but rather additional permissions you want to grant
to a resource on behalf of the resource owner (using roles, groups, clients
or JS conditions).
That is why you don't see "users"/"recipients" in the response.
To manage permissions created based on UMA tickets you would need to use
the "/permission/ticket" endpoint which allows you to manage tickets. Need
to update docs with this endpoint though...
On Mon, Jul 9, 2018 at 1:34 PM, Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Hi guys,
I started playing with the UMA API...
In the UI, I defined a resource shared with 2 persons.
Here is what I get when I query the API:
curl "http://localhost:8080/auth/realms/waziup/authz/protection/uma-policy?resource=5f2eda15-4d6c-4a20-a22a-7de109998b22" \
  -H "Authorization: Bearer $USERTOKEN" | jq
[
  {
    "id": "4cad9948-12a8-4178-87a8-983509169a2d",
    "name": "028a265c-4cfb-4ef8-9d35-10a3360851df",
    "type": "uma",
    "scopes": [
      "sensors:create",
      "sensors:view",
      "sensors:update"
    ],
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "owner": "2ecfae24-f340-4ad0-a12e-02cdc60cd8ba"
  },
  {
    "id": "f8a10074-49b4-4ab7-b873-eca27b336e35",
    "name": "7b24a369-a0c5-471f-9b94-f3c88a78ae79",
    "type": "uma",
    "scopes": [
      "sensors:create",
      "sensors:delete",
      "sensors:view",
      "sensors:update"
    ],
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "owner": "2ecfae24-f340-4ad0-a12e-02cdc60cd8ba"
  }
]
Where can I find the resource id and the recipient of the sharing?
What is "name"?
The doc seems to say that {id} is the resource id:
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/uma-policy/{resource_id}
But that doesn't seem to be the case.
Another question, is there an API where I can find all the regular
policies/permissions, defined in the "Authorization" tab in Keycloak admin
console?
I don't see them in UMA API.
Thanks a lot!!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
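
The ticket lookup the reply points to, as an added example (not code from the thread or from Keycloak): it builds a "/permission/ticket" query for the resource and groups the returned tickets by recipient, keeping granted access apart from pending requests. The base path follows the uma-policy URL quoted above; the query parameters (resourceId, returnNames), the ticket field names and the sample response are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlencode

# Assumption: same realm base path as the uma-policy URL quoted in the thread.
BASE = "http://localhost:8080/auth/realms/waziup/authz/protection"
RESOURCE = "5f2eda15-4d6c-4a20-a22a-7de109998b22"  # resource id from the thread
OWNER = "2ecfae24-f340-4ad0-a12e-02cdc60cd8ba"     # owner id from the thread

def ticket_query_url(resource_id, base=BASE):
    # resourceId and returnNames are assumed query parameters, not from the thread.
    query = urlencode({"resourceId": resource_id, "returnNames": "true"})
    return f"{base}/permission/ticket?{query}"

def shares_by_requester(tickets, resource_id):
    """Group one-ticket-per-scope records into requester -> granted/pending scopes."""
    shares = {}
    for t in tickets:
        if t.get("resource") != resource_id:
            continue  # ignore tickets that belong to other resources
        who = t.get("requesterName") or t["requester"]
        scope = t.get("scopeName") or t.get("scope") or "(no scope)"
        entry = shares.setdefault(who, {"granted": [], "pending": []})
        # Only an explicit granted=true counts as access; anything else is pending.
        entry["granted" if t.get("granted") is True else "pending"].append(scope)
    return {who: {k: sorted(v) for k, v in e.items()} for who, e in shares.items()}

def _ticket(requester, scope, granted, resource=RESOURCE):
    # Helper that builds one constructed ticket record (assumed field names).
    return {"owner": OWNER, "resource": resource, "requesterName": requester,
            "requester": "constructed-id-" + requester,
            "scopeName": scope, "granted": granted}

# Constructed sample response; requester names and ids are made up.
SAMPLE = json.dumps(
    [_ticket("alice", s, True)
     for s in ("sensors:create", "sensors:view", "sensors:update")]
    + [_ticket("bob", "sensors:view", True),
       _ticket("bob", "sensors:delete", False),
       _ticket("carol", "sensors:view", True, resource="constructed-other-resource")])

if __name__ == "__main__":
    print(ticket_query_url(RESOURCE))
    for who, scopes in shares_by_requester(json.loads(SAMPLE), RESOURCE).items():
        print(who, scopes)
```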