Re: [keycloak-user] Missing permissions
My goal is to fetch the list of resources on wich I have permissions to. If
I can filter by type that would be even better. Is it possible?
Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva(a)redhat.com> a écrit :
Hi,
What if you try to obtain permissions by passing the resource id (instead
of asking all permissions)? Can you check if it works? I remember some
limitations when obtaining all permissions due to performance issues. Not
sure if that is the case.
On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien(a)gmail.com>
wrote:
> I'm getting permissions from this request:
>
> curl -X POST \
> http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token
> \
> -H "Authorization: Bearer ${access_token}" \
> --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
> --data "audience={resource_server_client_id}" \ --data
> "response_mode=permissions"
>
> Which give me the good results when I use Keycloak UI to share a resource.
>
> Then if I give permission user the Policy API:
>
> curl -X POST \
>
> http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{res...
> \
> -H 'Authorization: Bearer '$access_token \
> -H 'Cache-Control: no-cache' \
> -H 'Content-Type: application/json' \
> -d '{
> "name": "Any people manager",
> "description": "Allow access to any people manager",
> "scopes": ["read"],
> "groups": ["/Managers/People Managers"]
> }'
>
>
> It works and I can see it in the Keycloak User panel or in the evaluate
> permission page, but first request does not I mention does not include
> this
> permission in the response.
>
> Any idea?
>
_______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>