[keycloak-dev] Authorization JS adapter, where should I put it ?

Stian Thorgersen sthorger at redhat.com
Wed Jun 22 06:44:26 EDT 2016


I would go for a separate file, keycloak-authz.js. It can then be included
by only those that need it and also documented separately.

On 21 June 2016 at 21:59, Pedro Igor Silva <psilva at redhat.com> wrote:

> Would like to make available a JS adapter for authorization. It's purpose
> is to make life easier for those using JS when interacting with an resource
> server which resources are being protected by a policy enforcer.
>
> The idea is that you can use the adapter for some very common scenarios.
> For instance, suppose you are using AngularJS and you want to handle 403
> from the resource server so you can obtain a RPT with the necessary
> permissions to retry the
> request:
>
>     var Authorization = new KeycloakAuthorization();
>
>     // our adapters return a WWW-Authenticate header with the necessary
> information to build an authorization request to a Keycloak Server
>
> Authorization.authorize(response.headers('WWW-Authenticate')).then(function
> (rpt) {
>         // onGrant callback function. If granted you'll get a RPT which
> you can use as bearer token to get access to protected resources
>     }, function () {
>         // onDeny callback function
>     }, function () {
>         // onError callback function
>     });
>
> The above code is particular useful because the JS adapter will
> automatically identify how the resource server is being protected (if using
> UMA or our entitlements protocol) and act accordingly.
>
> Or you can just obtain the entitlements using our Entitlements API:
>
>     authorization.entitlement('my-resource-server-id').then(function (rpt)
> {
>         // onGrant callback function. If granted you'll get a RPT which
> you can use as bearer token to get access to protected resources
>     })
>
> In the future, I would like to introduce more methods such as:
>
>     if (authorization.hasPermission('Main Page', 'Action 1')) {
>         // do something if current user has permissions to click a button
> on a page
>     }
>
> Should I put that stuff into keycloak.js or provide it separately ?
>
> Regards.
> Pedro Igor
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160622/8a32dcc7/attachment.html 


More information about the keycloak-dev mailing list