Hi, building your own service should be fine if you use parts of the API
that we provide.
1) User can manage his/her resources
Take a look at the Protection API, the Resource Management Endpoint in
particular [1].
2) Notifications and management of authorization requests
We have an undocumented endpoint that exposes the permission tickets,
which represent authorization requests pending for approval or already
approved by the resource owner. For now, you could take a look at the
app-auths-uma-photoz to check there how we are using this endpoint to fetch
"shared resources" [2].
3) Define rules for permissions that are set automatically when a new
resource is created
You have some options here. If you have a typed resource (owned by the
resource server itself) and a set of permissions associated with this
resource, then when you create a new user resource (the user is the owner,
thus it is considered a resource instance), any permission defined for the
typed resource will be applied to the user resource.
You can also manage permissions/policies through the Admin REST API,
just like we do in Keycloak admin console.
For User-Managed resources, you can also use the User-Managed Policy
API [3].
[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_s...
[2]
https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-um...
[3]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_s...
Regards.
Pedro Igor
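The three Protection API calls Pedro points at (registering a user-owned resource instance of a typed resource, listing and approving permission tickets, and attaching a user-managed policy), written as an added illustration rather than code from Keycloak or the photoz quickstart. The hostname, realm name, client id and ids such as "alice-id" are constructed; the endpoint paths follow the Keycloak Protection API without the `/auth` prefix that older servers (such as the 2018 release in this thread) put in front of `/realms`. The functions only build request descriptors so they can be inspected offline; `send` executes one against a live server.

```python
"""Keycloak UMA 2.0 Protection API requests as plain descriptors.

Added example, not code from Keycloak or the quickstart. Assumes realm
"photoz" on a constructed host and a resource-server client holding the
uma_protection role (needed to obtain a Protection API Token, PAT).
"""
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    method: str
    url: str
    headers: dict
    body: Optional[bytes] = None


BASE = "https://keycloak.example.com"  # constructed hostname
REALM = "photoz"                        # constructed realm name
AUTHZ = f"{BASE}/realms/{REALM}/authz/protection"


def _json_headers(token: str) -> dict:
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


def pat_request(client_id: str, client_secret: str) -> Request:
    """Client-credentials grant for the resource server's PAT (an ordinary
    access token; the client must have the uma_protection role)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return Request("POST", f"{BASE}/realms/{REALM}/protocol/openid-connect/token",
                   {"Content-Type": "application/x-www-form-urlencoded"}, form)


def create_user_resource(pat: str, name: str, owner_id: str,
                         resource_type: str, scopes: list) -> Request:
    """Point 1: register a resource owned by a user. Giving it the same
    `type` as a typed resource owned by the resource server makes it an
    instance, so permissions defined on the typed resource apply here too.
    ownerManagedAccess=true lets the owner share it through UMA."""
    body = {"name": name, "type": resource_type, "owner": owner_id,
            "ownerManagedAccess": True,
            "scopes": [{"name": s} for s in scopes]}
    return Request("POST", f"{AUTHZ}/resource_set",
                   _json_headers(pat), json.dumps(body).encode())


def list_pending_tickets(pat: str, owner_id: str) -> Request:
    """Point 2: permission tickets still waiting for this owner's approval."""
    query = urllib.parse.urlencode(
        {"owner": owner_id, "granted": "false", "returnNames": "true"})
    return Request("GET", f"{AUTHZ}/permission/ticket?{query}", _json_headers(pat))


def grant_ticket(pat: str, ticket: dict) -> Request:
    """Point 2: approve a ticket by sending it back with granted=true.
    The ticket dict is one element of the list returned above."""
    approved = dict(ticket, granted=True)
    return Request("PUT", f"{AUTHZ}/permission/ticket",
                   _json_headers(pat), json.dumps(approved).encode())


def share_with_users(owner_token: str, resource_id: str, policy_name: str,
                     user_ids: list, scopes: list) -> Request:
    """Point 3: User-Managed Policy API. Note this uses the resource owner's
    own access token, not the PAT, since the owner is granting access."""
    body = {"name": policy_name, "users": user_ids, "scopes": scopes}
    return Request("POST", f"{AUTHZ}/uma-policy/{resource_id}",
                   _json_headers(owner_token), json.dumps(body).encode())


def send(req: Request):
    """Execute a descriptor against a real server; returns the decoded JSON."""
    http = urllib.request.Request(req.url, data=req.body,
                                  method=req.method, headers=req.headers)
    with urllib.request.urlopen(http, timeout=10) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


if __name__ == "__main__":
    # Shape of the flow for a custom consent service (needs a live server):
    # pat = send(pat_request("photoz-restful-api", "<secret>"))["access_token"]
    # for t in send(list_pending_tickets(pat, "alice-id")):
    #     send(grant_ticket(pat, t))
    print(create_user_resource("<pat>", "Alice album", "alice-id",
                               "http://photoz.com/album", ["album:view"]).url)
```

Keeping the PAT (resource-server credential) separate from the owner's token is the point worth watching in such a service: ticket approval and resource registration run under the resource server's identity, so the service must itself verify that the logged-in user owns the resource before it grants a ticket on their behalf.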
On Wed, Nov 14, 2018 at 12:00 PM Jeroschewski Sven Erik (INST-CSS/BSV-OS) <
SvenErik.Jeroschewski(a)bosch-si.com> wrote:
Hello everyone,
is there an example project or tutorial with UMA 2.0 where the user can
give his consent regarding shared access using the REST API of Keycloak?
We already had a look at the "app-authz-uma-photoz" project from the
"keycloak-quickstarts" repository. However, the example integrates a
Keycloak website where the user can manage the requests for her/his
resources. In our application we would like to have a custom service
through which the user can manage his/her resources, can get notifications
for new requests, and can define rules for permissions that are set
automatically when a new resource is created or a new request is coming in.
For example, we have a use case in which an application creates new
resources where the user is the resource owner. This resource should be
accessible by another user by default or the uploading application should
be able to grant access in the name of the resource owner.
We would be glad for any comments and recommendations on our approach.
Best regards
Sven Erik Jeroschewski
Open Source Services - Product Group Customer Success Services
(INST-CSS/BSV-OS)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
GERMANY | www.bosch-si.com
Tel. +49 30 726112-416 | Mobile +49 152 24308225 |
SvenErik.Jeroschewski(a)bosch-si.com
Registered office: Berlin, Register court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr.
Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user