[keycloak-user] Question for role-based authorization scenario with keycloak
Fischer Oliver (INST/ECS4)
Oliver.Fischer at bosch-si.com
Thu Dec 7 10:20:35 EST 2017
Hi Keycloak-Community,
I need some help setting up role-based authorization with keycloak. Suppose you have an authorization data model like this:
{
  "roles": {
    "publisher": [
      {
        "resource": "/telemetry",
        "activities": [ "WRITE" ]
      }
    ],
    "consumer": [
      {
        "resource": "/telemetry",
        "activities": [ "READ" ]
      }
    ]
  },
  "users": {
    "client-sender": {
      "password": "secret",
      "authorities": [ "publisher" ]
    },
    "client-receiver": {
      "password": "secret",
      "authorities": [ "consumer" ]
    }
  }
}
Users (service account clients) and roles (defined for client called my-application) can be easily integrated into keycloak. An example access token should look like this:
{
  "jti": "9290a241-45ad-4c14-b6e3-fdf906c7c102",
  "exp": 1511887924,
  "clientId": "client-sender",
  ...
  "resource_access": {
    "my-application": {
      "roles": [
        "publisher"
      ]
    }
  }
}
In keycloak, when enabling "Fine-grained authorization support" for the application (client called my-application), resources (like "/telemetry") and permissions (like "WRITE") can be defined.
The question is:
How do I get the connection between resources/permissions and the roles?
Or to be more precise, how to get those resources/permissions into the access token?
Thanks a lot in advance,
Oliver Fischer
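An added example (not from the post and not Keycloak's own code) showing how a resource server could combine the two structures above: it expands the roles found in resource_access["my-application"].roles through the post's role model and decides whether an activity on a resource is permitted. It assumes the token has already been signature-verified, and that the role-to-resource expansion lives in the resource server rather than being carried in the token; sample_claims and the token payloads are constructed.

```python
# Added example (not from the post): a resource server that enforces the
# post's role model against the roles carried in the Keycloak access token.
# Assumptions: the token has already been signature-verified, and the
# role -> resource/activity expansion is done here, not by Keycloak.
import time

CLIENT_ID = "my-application"

# Constructed from the post's authorization data model.
ROLE_MODEL = {
    "publisher": [{"resource": "/telemetry", "activities": ["WRITE"]}],
    "consumer": [{"resource": "/telemetry", "activities": ["READ"]}],
}


def granted_activities(claims, client_id=CLIENT_ID):
    """Expand resource_access[client_id].roles into {resource: set(activities)}.

    Unknown roles, and roles belonging to other clients, grant nothing.
    """
    roles = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    grants = {}
    for role in roles:
        for entry in ROLE_MODEL.get(role, []):
            grants.setdefault(entry["resource"], set()).update(entry["activities"])
    return grants


def is_permitted(claims, resource, activity, now=None):
    """True only if the token is unexpired and some role grants activity on resource."""
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False
    return activity in granted_activities(claims).get(resource, set())


def sample_claims(client_id, roles, exp):
    """Constructed access-token payload with the post's resource_access shape."""
    return {
        "clientId": client_id,
        "exp": exp,
        "resource_access": {CLIENT_ID: {"roles": list(roles)}},
    }


if __name__ == "__main__":
    sender = sample_claims("client-sender", ["publisher"], exp=2_000_000_000)
    receiver = sample_claims("client-receiver", ["consumer"], exp=2_000_000_000)
    print(is_permitted(sender, "/telemetry", "WRITE", now=1_600_000_000))    # True
    print(is_permitted(receiver, "/telemetry", "WRITE", now=1_600_000_000))  # False
```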