6:09 a.m.
Hi guys,
I use the entitlement API to check access control on my resources. Here I
check if a user can update a sensor:
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer
$TOKEN" -d '{
"permissions" : [
{
"resource_set_name" : "Sensors",
"scopes" : [
"sensors:update"
]
}
]
}' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
But I would like to make complex policies that check additional parameters,
such as sensor status etc.
How can I pass along the additional parameters to the request, and use them
in my policies? I use javascript policies mainly.
Thanks
Corentin
7:20 a.m.
Hi Corentin,
We are adding support for "pushed claims". That is the main task I'm
working with right now.
If you want to track the changes being made and provide any feedback,
please watch https://issues.jboss.org/browse/KEYCLOAK-4903. So far, I have
enabled pushing claims when using UMA and permission tickets. As you might
know, with the introduction of UMA 2.0 there is no specific endpoint for
entitlements anymore. Now permissions are evaluated using the token
endpoint. Next step is enable "pushed claims" to non-UMA requests (without
permission tickets, just like the old entitlement api).
On Tue, Apr 10, 2018 at 8:09 AM, Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Hi guys,
I use the entitlement API to check access control on my resources. Here I
check if a user can update a sensor:
curl -X POST -H "Content-Type: application/json" -H "Authorization:
Bearer
$TOKEN" -d '{
"permissions" : [
{
"resource_set_name" : "Sensors",
"scopes" : [
"sensors:update"
]
}
]
}' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
But I would like to make complex policies that check additional parameters,
such as sensor status etc.
How can I pass along the additional parameters to the request, and use them
in my policies? I use javascript policies mainly.
Thanks
Corentin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
10:22 a.m.
Thanks for the info.
So if I understand, I need to upgrade to UMA endpoint when it will be
available.
Cheers
On Tue, Apr 10, 2018 at 2:20 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi Corentin,
We are adding support for "pushed claims". That is the main task I'm
working with right now.
If you want to track the changes being made and provide any feedback,
please watch https://issues.jboss.org/browse/KEYCLOAK-4903. So far, I
have enabled pushing claims when using UMA and permission tickets. As you
might know, with the introduction of UMA 2.0 there is no specific endpoint
for entitlements anymore. Now permissions are evaluated using the token
endpoint. Next step is enable "pushed claims" to non-UMA requests (without
permission tickets, just like the old entitlement api).
On Tue, Apr 10, 2018 at 8:09 AM, Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Hi guys,
> I use the entitlement API to check access control on my resources. Here I
> check if a user can update a sensor:
>
> curl -X POST -H "Content-Type: application/json" -H "Authorization:
Bearer
> $TOKEN" -d '{
> "permissions" : [
> {
> "resource_set_name" : "Sensors",
> "scopes" : [
> "sensors:update"
> ]
> }
> ]
> }'
"http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>
>
> But I would like to make complex policies that check additional
> parameters,
> such as sensor status etc.
> How can I pass along the additional parameters to the request, and use
> them
> in my policies? I use javascript policies mainly.
>
> Thanks
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
10:08 a.m.
Hi Pedro,
I see pushed claims (and 4.0.0 release) has landed, congratulations!
It's not clear for me how to use them... Is there some doc?
Can I continue to use the old entitlement API? Or should I switch to UMA?
Best,
Corentin
On Tue, Apr 10, 2018 at 2:20 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi Corentin,
We are adding support for "pushed claims". That is the main task I'm
working with right now.
If you want to track the changes being made and provide any feedback,
please watch https://issues.jboss.org/browse/KEYCLOAK-4903. So far, I
have enabled pushing claims when using UMA and permission tickets. As you
might know, with the introduction of UMA 2.0 there is no specific endpoint
for entitlements anymore. Now permissions are evaluated using the token
endpoint. Next step is enable "pushed claims" to non-UMA requests (without
permission tickets, just like the old entitlement api).
On Tue, Apr 10, 2018 at 8:09 AM, Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Hi guys,
> I use the entitlement API to check access control on my resources. Here I
> check if a user can update a sensor:
>
> curl -X POST -H "Content-Type: application/json" -H "Authorization:
Bearer
> $TOKEN" -d '{
> "permissions" : [
> {
> "resource_set_name" : "Sensors",
> "scopes" : [
> "sensors:update"
> ]
> }
> ]
> }'
"http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>
>
> But I would like to make complex policies that check additional
> parameters,
> such as sensor status etc.
> How can I pass along the additional parameters to the request, and use
> them
> in my policies? I use javascript policies mainly.
>
> Thanks
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
2396
days inactive
2465
days old
3 comments
2 participants
participants (2)
-
Corentin Dupont -
Pedro Igor Silva