I'm getting permissions from this request: curl -X POST \ http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \ -H "Authorization: Bearer ${access_token}" \ --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \ --data "audience={resource_server_client_id}" \ --data "response_mode=permissions" Which give me the good results when I use Keycloak UI to share a resource. Then if I give permission user the Policy API: curl -X POST \ http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{res... \ -H 'Authorization: Bearer '$access_token \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/json' \ -d '{ "name": "Any people manager", "description": "Allow access to any people manager", "scopes": ["read"], "groups": ["/Managers/People Managers"] }' It works and I can see it in the Keycloak User panel or in the evaluate permission page, but first request does not I mention does not include this permission in the response. Any idea? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

My goal is to fetch the list of resources on wich I have permissions to. If I can filter by type that would be even better. Is it possible? Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva(a)redhat.com&gt; a écrit : > Hi, > > What if you try to obtain permissions by passing the resource id (instead > of asking all permissions)? Can you check if it works? I remember some > limitations when obtaining all permissions due to performance issues. Not > sure if that is the case. > > On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien(a)gmail.com > > wrote: > >> I'm getting permissions from this request: >> >> curl -X POST \ >> http:// ${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token >> \ >> -H "Authorization: Bearer ${access_token}" \ >> --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \ >> --data "audience={resource_server_client_id}" \ --data >> "response_mode=permissions" >> >> Which give me the good results when I use Keycloak UI to share a resource. >> >> Then if I give permission user the Policy API: >> >> curl -X POST \ >> >> http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{res... >> \ >> -H 'Authorization: Bearer '$access_token \ >> -H 'Cache-Control: no-cache' \ >> -H 'Content-Type: application/json' \ >> -d '{ >> "name": "Any people manager", >> "description": "Allow access to any people manager", >> "scopes": ["read"], >> "groups": ["/Managers/People Managers"] >> }' >> >> >> It works and I can see it in the Keycloak User panel or in the evaluate >> permission page, but first request does not I mention does not include >> this >> permission in the response. >> >> Any idea? >> > _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Ok, Geoffrey. You won :) That should be delivered as soon as we start developing new features earlier this year. On Fri, Jan 18, 2019 at 10:39 AM Geoffrey Cleaves <geoff(a)opticks.io&gt; wrote: > Vote for my feature request! ;) > https://issues.jboss.org/browse/KEYCLOAK-8915 > > On Fri, 18 Jan 2019 at 13:26, Julien Deruere <deruere.julien(a)gmail.com&gt; > wrote: > >> My goal is to fetch the list of resources on wich I have permissions to. >> If >> I can filter by type that would be even better. Is it possible? >> >> Le ven. 18 janv. 2019 05:37, Pedro Igor Silva <psilva(a)redhat.com&gt; a >> écrit : >> >> > Hi, >> > >> > What if you try to obtain permissions by passing the resource id >> (instead >> > of asking all permissions)? Can you check if it works? I remember some >> > limitations when obtaining all permissions due to performance issues. >> Not >> > sure if that is the case. >> > >> > On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere < >> deruere.julien(a)gmail.com&gt; >> > wrote: >> > >> >> I'm getting permissions from this request: >> >> >> >> curl -X POST \ >> >> http:// >> ${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token >> >> \ >> >> -H "Authorization: Bearer ${access_token}" \ >> >> --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \ >> >> --data "audience={resource_server_client_id}" \ --data >> >> "response_mode=permissions" >> >> >> >> Which give me the good results when I use Keycloak UI to share a >> resource. >> >> >> >> Then if I give permission user the Policy API: >> >> >> >> curl -X POST \ >> >> >> >> >> http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{res... >> >> \ >> >> -H 'Authorization: Bearer '$access_token \ >> >> -H 'Cache-Control: no-cache' \ >> >> -H 'Content-Type: application/json' \ >> >> -d '{ >> >> "name": "Any people manager", >> >> "description": "Allow access to any people manager", >> >> "scopes": ["read"], >> >> "groups": ["/Managers/People Managers"] >> >> }' >> >> >> >> >> >> It works and I can see it in the Keycloak User panel or in the >> evaluate >> >> permission page, but first request does not I mention does not include >> >> this >> >> permission in the response. >> >> >> >> Any idea? >> >> >> > _______________________________________________ >> >> keycloak-user mailing list >> >> keycloak-user(a)lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> > >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > > Regards, > Geoffrey Cleaves > > > > > >