Hi, answers inline. In general, I need to document this endpoint:
https://github.com/keycloak/keycloak/blob/5a9bfea419f37267afb656ea4bfce1f...
On Tue, Nov 13, 2018 at 6:56 PM Pierre Nowak <pnowak.pierre(a)gmail.com> wrote:

> Hello,
> I have difficulties finding the best way of protecting resources using
> Authorization Services or UMA.
> Here is the following problem:
> user1 creates resource/item/id1
> user2 creates resource/item/id2
> I want to be able in my nodejs confidential client to:
> 1. list users that have access to a specific item (e.g. item/id1)

Being the resource owner, user1 will always have access to item/id1, I
guess. To fetch other users with access to this resource after the resource
owner's approval, you can use this example [1].

[1]
https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-um...

> 2. list all resources a user has access to (not only the ones he has,
> but also the ones other users shared with him)

The same as above.

> 3. permit a user to access a resource

The same endpoint also allows you to create permission tickets and grant
access to the resource. It is best to follow the UMA flow though, for privacy
reasons.

> 4. remove the access of a user to a resource

Same endpoint as above.

> I saw in the photoz UMA example a nice UI directly in Keycloak. I would like to
> reproduce this tab directly in my client by calling APIs on Keycloak. The
> reason is that the tab in the account page doesn't give enough functionality,
> for example if I want to join some details about the resources that would only
> be available in my resource server.
> I saw the resource set API and a node package
> (https://github.com/proficonf/keycloak-authz) that tries to manage the
> resources only,
> but I can't find APIs that directly handle the 4 steps I just mentioned.
> Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
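
The four operations asked about in the thread, as an added Node.js example that is not part of the original messages or of Keycloak's code. It assumes the endpoint under discussion is Keycloak's Protection API permission-ticket endpoint (path, query parameters and ticket fields as used below); the helper names are hypothetical, and the sample tickets are constructed. It builds request descriptors for any HTTP client and shows the check that matters when listing access: only tickets with granted set to true count.

```javascript
// Added example, not from the thread. Assumption: the endpoint under discussion
// is the Protection API permission-ticket endpoint below.
const TICKET_PATH = '/authz/protection/permission/ticket';

// Build one request descriptor. realmUrl (the realm base URL) and token (a bearer
// access token the endpoint accepts) are supplied by the caller.
function ticketRequest(realmUrl, token, method, { query, body, id } = {}) {
  const url = new URL(realmUrl + TICKET_PATH + (id ? '/' + encodeURIComponent(id) : ''));
  for (const [k, v] of Object.entries(query || {})) url.searchParams.set(k, String(v));
  const headers = { Authorization: 'Bearer ' + token };
  if (body) headers['Content-Type'] = 'application/json';
  return { url: url.toString(), method, headers, body: body ? JSON.stringify(body) : undefined };
}

// 1. Tickets on one resource: who has been granted access to it.
const listForResource = (realmUrl, token, resourceId) =>
  ticketRequest(realmUrl, token, 'GET', { query: { resourceId, granted: true, returnNames: true } });
// 2. Tickets where the user is the requester: resources shared with that user.
const listForRequester = (realmUrl, token, requester) =>
  ticketRequest(realmUrl, token, 'GET', { query: { requester, granted: true, returnNames: true } });
// 3. Grant a user one scope on a resource by creating an approved ticket.
const grant = (realmUrl, token, resource, requester, scopeName) =>
  ticketRequest(realmUrl, token, 'POST', { body: { resource, requester, granted: true, scopeName } });
// 4. Revoke by deleting the ticket.
const revoke = (realmUrl, token, ticketId) => ticketRequest(realmUrl, token, 'DELETE', { id: ticketId });

// Reduce a ticket list to { user: [scopes] }. Pending requests (granted: false)
// are skipped even if the server-side filter was forgotten: a pending ticket is
// a request for access, not access.
function usersWithAccess(tickets) {
  const byUser = {};
  for (const t of tickets) {
    if (t.granted !== true) continue;
    const user = t.requesterName || t.requester;
    (byUser[user] = byUser[user] || []).push(t.scopeName || t.scope);
  }
  return byUser;
}

// Constructed sample response (ids and names are made up).
const SAMPLE_TICKETS = [
  { id: 't-1', resource: 'id1', requesterName: 'user2', scopeName: 'view', granted: true },
  { id: 't-2', resource: 'id1', requesterName: 'user2', scopeName: 'edit', granted: true },
  { id: 't-3', resource: 'id1', requesterName: 'user3', scopeName: 'view', granted: false },
];
```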