Sounds like a bug. I know there is a bug in the policy evaluation code that
can result in some permissions being missed and I understand that it will
be fixed in 4.6.
That being said, when I request all the permissions for the token's owner,
I do get the expected result except for some missing scopes due to said
bug. Are you sure your policies are built correctly? Did you build a policy
granting permissions to resource owners?
On Wed, Nov 14, 2018, 00:52 Lamina, Marco <marco.lamina(a)sap.com> wrote:
Hi,
I am trying to use Keycloak’s token endpoint to obtain a list of all
resources and the respective scopes that a user has permission to access.
However, the behavior I am observing does not match what is described in
the documentation (Link [1]). I am using the token endpoint as shown in
Link [2].
Expected behavior:
Token endpoint returns a list of all resources and scopes that the token’s
user has permission to access.
Observed behavior:
Token endpoint only returns resources that are owned by either the token’s
user or the resource server itself. Resources owned by other users are not
listed, even though the token’s user has permission to access them.
Is that a bug or expected behavior?
Links:
[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_s...
[2]
https://issues.jboss.org/browse/KEYCLOAK-8768?focusedCommentId=13658545&a...
Thanks,
Marco
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user