[keycloak-user] Authorization with service account

Jean-François HEROUARD jfherouard.almerys at gmail.com
Thu Oct 12 08:32:15 EDT 2017


I answer myself, a JS policy script to allow a service account:

// Read the attributes of the identity that is requesting access.
var context = $evaluation.getContext();
var identity = context.getIdentity();
var attributes = identity.getAttributes();
var username = attributes.getValue('preferred_username').asString(0);
var clientId = attributes.getValue('clientId').asString(0);

// Grant only when the username is 'service-account-' followed by the clientId attribute.
if (username === 'service-account-' + clientId) {
    $evaluation.grant();
} else {
    $evaluation.deny();
}

2017-10-12 10:40 GMT+02:00 Jean-François HEROUARD <jfherouard.almerys at gmail.com>:

> Hi,
>
> In a client, I have a service account and authorization enabled. When the
> service account fetches all resources, authorizations are applied. I would like
> a specific user policy rule for this user but "service-account-(client
> name)" is not suggested nor accepted by the user policy provider.
> Is there another way to do that? In JS, but what is the UUID of a service
> user? Is that a functional bug?
>
> Thanks.
>
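
Added example, not part of the original message or of Keycloak: the script above run against constructed identities through a stand-in for $evaluation, next to a variant that treats a missing attribute as a deny. The mock objects, the function names and the client name my-client are assumptions; the mock's getValue() returns null for an absent attribute.

```javascript
// Stand-in (assumption) for the $evaluation object and its attribute lookup.
// getValue() returns null when the identity does not carry the attribute.
function mockEvaluation(claims) {
  const attributes = {
    getValue: (name) =>
      name in claims ? { asString: (i) => String(claims[name][i]) } : null,
  };
  const ev = {
    decision: 'NONE',
    getContext: () => ({ getIdentity: () => ({ getAttributes: () => attributes }) }),
    grant: () => { ev.decision = 'GRANT'; },
    deny: () => { ev.decision = 'DENY'; },
  };
  return ev;
}

// Same logic as the script in the message, wrapped in a function for testing.
function postedPolicy($evaluation) {
  const attributes = $evaluation.getContext().getIdentity().getAttributes();
  const username = attributes.getValue('preferred_username').asString(0);
  const clientId = attributes.getValue('clientId').asString(0);
  if (username === 'service-account-' + clientId) $evaluation.grant();
  else $evaluation.deny();
}

// Guarded variant: an identity missing either attribute gets an explicit deny.
function guardedPolicy($evaluation) {
  const attributes = $evaluation.getContext().getIdentity().getAttributes();
  const username = attributes.getValue('preferred_username');
  const clientId = attributes.getValue('clientId');
  if (username !== null && clientId !== null &&
      username.asString(0) === 'service-account-' + clientId.asString(0)) {
    $evaluation.grant();
  } else {
    $evaluation.deny();
  }
}

// Runs a policy against constructed attributes; returns GRANT, DENY or ERROR.
function decide(policy, claims) {
  const ev = mockEvaluation(claims);
  try { policy(ev); } catch (e) { return 'ERROR'; }
  return ev.decision;
}

// Constructed identities; "my-client" is a placeholder client name.
const serviceAccount = { preferred_username: ['service-account-my-client'], clientId: ['my-client'] };
const regularUser = { preferred_username: ['alice'] };  // no clientId attribute
const lookalike = { preferred_username: ['service-account-my-client'] };  // name only
```

With these inputs the posted logic ends in a script error for an identity that has no clientId attribute, while the guarded variant returns a deny decision for it.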

