11:13 a.m.
Hi all,
I find strange a little thing in the permissions API.
If I request permissions with some resources in my client, it works well:
$ curl -X POST
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
"Authorization: Bearer $USERTOKEN" -d
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#gateways:view&response_mode=permissions"
The response is:
[{"scopes":["gateways:update","gateways:view","gateways:delete"],"rsid":"gateway-GW1","rsname":"GW1"}]
However, If I request permissions when there is no resources at all in my
client:
[{"scopes":["gateways:view"]}]
Why not the empty list?
Thanks a lot and good vacations!
Corentin
6:23 a.m.
Hi Corentin,
Do you have permissions that grant access to that scope? IIRC, the engine
also processes scope-only permissions with no resources if you have
permissions granting access to it.
On Tue, Aug 13, 2019 at 2:01 PM Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Hi all,
I find strange a little thing in the permissions API.
If I request permissions with some resources in my client, it works well:
$ curl -X POST
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
"Authorization: Bearer $USERTOKEN" -d
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#gateways:view&response_mode=permissions"
The response is:
[{"scopes":["gateways:update","gateways:view","gateways:delete"],"rsid":"gateway-GW1","rsname":"GW1"}]
However, If I request permissions when there is no resources at all in my
client:
[{"scopes":["gateways:view"]}]
Why not the empty list?
Thanks a lot and good vacations!
Corentin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1978
days inactive
1981
days old
1 comments
2 participants
participants (2)
-
Corentin Dupont -
Pedro Igor Silva