[keycloak-dev] Can a master list of roles be retrieved?
Bill Burke
bburke at redhat.com
Mon Dec 9 08:50:51 EST 2013
I don't know why you'd want to sync with any master list, but you could.
The Keycloak Admin REST interface is itself an application with roles
assign to it. Each application is itself a User. So you'd just assign
a Admin API role and the application could query for anything it wanted
(based on its permissions).
Most applications will inheritantly know which roles they require. Role
mappings are contained within the token they receive from the
auth-server. They idea is that security-wise, applications become
stateless. This is especially important for REST services that aim to
be completely stateless.
On 12/8/2013 4:44 PM, Matt Casperson wrote:
> If I wanted my client application's UI to be able to authorise roles to
> perform certain actions, could I query a KeyCloak server for the master
> list?
>
> An example might be listing all the roles so I could select those that
> should be able to edit a particular record. So rather than manually
> syncing a list of roles between my application and KeyCloak, I would
> query the KeyCloak server for the current list of roles to ensure that I
> always have an accurate list.
>
> Regards
>
> Matthew Casperson
> RHCE, RHCJA # 111-072-237
> <https://www.redhat.com/wapps/training/certification/verify.html?certNumber=111-072-237&isSearch=False&verify=Verify>
> Engineering Content Services
> Brisbane, Australia
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list