11:29 a.m.
OK, interesting: I didn't know about this console :)
I can access it with my "test" user, but I don't see the "My
Resources"
menu entry (see screenshot).
I created some resources owned by that user (using the API). But they don't
show up.
What did I missed?
On Tue, Jun 26, 2018 at 2:42 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Yeah, you can access those claims in a JS policy.
Regarding the "account management console" take a look here:
https://www.keycloak.org/docs/latest/authorization_ser
vices/index.html#_service_authorization_api_aapi.
On Mon, Jun 25, 2018 at 1:28 PM, Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Ok, I see the "claim_token" parameter in the request.
> I guess you can retrieve those claims in a javascript rule, from the
> evaluation context.
>
> By the way, I still cannot figure out where is the "account management
> console", where user can manager users access (as per the release notes)??
>
> On Fri, Jun 22, 2018 at 7:09 PM, Pedro Igor Silva <psilva(a)redhat.com>
> wrote:
>
>> The new form of obtaining entitlements relies solely on the token
>> endpoint just like when you are obtaining access tokens using other OAuth2
>> grant types. With that in mind the new format of the request should be a
>> HTTP POST + parameters. Check this documentation [1] for more details.
>>
>> Regarding pushing claims to your policies, there is a specific HTTP
>> parameter that you can use to pass a Base64 encoded JSON with the claims
>> you want to push.
>>
>> [1] https://www.keycloak.org/docs/latest/authorization_servi
>> ces/index.html#_service_obtaining_permissions
>>
>>
>> On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <
>> corentin.dupont(a)gmail.com> wrote:
>>
>>> Thanks Pedro, I went through the pull request.
>>> I'm not sure how to modify my entitlement requests?
>>> For example I have:
>>> curl -X POST -H "Content-Type: application/json" -H
"Authorization:
>>> Bearer $TOKEN" -d '{
>>> "permissions" : [
>>> {
>>> "resource_set_name" : "Sensors",
>>> "scopes" : [
>>> "sensors:update"
>>> ]
>>> }
>>> ]
>>> }'
"http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>
>>> This call has been moved to uma-2, right?
>>> Can I add pushed claims to this call? What I'm imagining is:
>>>
>>> curl -X POST -H "Content-Type: application/json" -H
"Authorization:
>>> Bearer $TOKEN" -d '{
>>> "permissions" : [
>>> {
>>> "resource_set_name" : "Sensors",
>>> "scopes" : [
>>> "sensors:update"
>>> ]
>>> }
>>> ],
>>> claims: ["owner": "cdupont"]
>>> }'
"http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>
>>> In this example, I would like to push the owner of the sensor
>>> ("cdupont"), which I take from our own database before calling the
API.
>>>
>>> Sorry about the questions, maybe I should just wait that the
>>> documentation is merged :)
>>>
>>>
>>>
>>> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva(a)redhat.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have a few changes to docs that were not released because the PR
>>>> [1] was not merged on time. But you can check about pushed claims (if
you
>>>> are using our adapters) here [2].
>>>>
>>>> Regards.
>>>> Pedro igor
>>>>
>>>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>>>> [2] https://www.keycloak.org/docs/latest/authorization_servi
>>>> ces/index.html#_enforcer_claim_information_point
>>>>
>>>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>>>> corentin.dupont(a)gmail.com> wrote:
>>>>
>>>>> Hi guys,
>>>>> I'm playing with the new version of Keycloak (
>>>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>>>
>>>>> I have some questions:
>>>>> - where is the "account management console"?
>>>>> - How to use pushed claims? Which APIs are affected?
>>>>>
>>>>> Thanks!
>>>>> Corentin
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>
