Re: [keycloak-user] Unspecified behavior of token endpoint when obtaining permissions

Sounds like a bug. I know there is a bug in the policy evaluation code that can result in some permissions being missed and I understand that it will be fixed in 4.6. That being said, when I request all the permissions for the token's owner, I do get the expected result except for some missing scopes due to said bug. Are you sure your policies are built correctly? Did you build a policy granting permissions to resource owners? On Wed, Nov 14, 2018, 00:52 Lamina, Marco <marco.lamina(a)sap.com wrote: > Hi, > I am trying to use Keycloak’s token endpoint to obtain a list of all > resources and the respective scopes that a user has permission to access. > However, the behavior I am observing does not match what is described in > the documentation (Link [1]). I am using the token endpoint as shown in > Link [2]. > > Expected behavior: > Token endpoint returns a list of all resources and scopes that the token’s > user has permission to access. > > Observed behavior: > Token endpoint only returns resources that are owned by either the token’s > user or the resource server itself. Resources owned by other users are not > listed, even though the token’s user has permission to access them. > > Is that a bug or expected behavior? > > Links: > > [1] > https://www.keycloak.org/docs/latest/authorization_services/index.html#_s... > [2] > https://issues.jboss.org/browse/KEYCLOAK-8768?focusedCommentId=13658545&a... > > Thanks, > Marco > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user