[keycloak-user] UMA Authorization

Damian Czaja trojan295 at gmail.com
Wed Nov 22 04:55:00 EST 2017


Hello guys,

AFAIK Keycloak currently does not have full UMA support and, e.g., it's
not possible for users to manage resources they own. There is already a PR
for KEYCLOAK-3169 on that.

First question:
How is the "owner" of the resource set when using the Resource Registration
Endpoint (
https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html)?
Is it set to the "subject" of the PAT token used to register the resource
or is it always the Resource Server, who registered it?

Second question:
From what I know, in UMA to get the Permission Ticket you need to use the
PAT of the Resource Owner. In case the Resource Owner is an End-User, does
it mean the Resource Server will need to perform OAuth2 with the End-user
and store the PAT somewhere to be able to issue Permission Tickets to
Requesting Parties anytime, without the active presence of the End-user?

Best regards,
Damian

