Re: [keycloak-user] shared UMA 2.0 resource & scope based policies
On Wednesday, 16 January 2019 19:58:30 HKT Pedro Igor Silva wrote:
Now I see. The result is giving a false-positive but the set of
granted
permissions should be correct.
To check that, could you click "Show Authorization Data" link on the top of
the result page and see how the permissions look like in the generated
token? You should see:
"authorization": {
"permissions": [
{
"scopes": [
"album:view"
],
"rsid": "7e1ae12b-e733-4090-9f84-8242f9192288",
"rsname": "Amazing sunsets"
}
]
},
Bob's album:view:
"authorization": {
"permissions": [
{
"scopes": [
"album:view"
],
"rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
"rsname": "Amazing sunsets"
}
]
}
Bob's album:modify (false-positive):
"authorization": {
"permissions": [
{
"scopes": [
"album:view"
],
"rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
"rsname": "Amazing sunsets"
}
]
}
Regards,
Marek
Attachments:
- signature.asc (application/pgp-signature — 488 bytes)