[keycloak-user] Permission with multiple scopes - what does it mean exactly?

cen imbacen at gmail.com
Tue Dec 4 11:37:36 EST 2018


Hi.

In UMA authorization, when adding a scope Permission you can specify a 
set of scopes. What a "set" means exactly is not very well documented. 
By trial and error I figured out that:

1. Resource with single scope and corresponding permission with same 
(single) scope works as expected.

2. Resource with single scope and permission with multiple scopes, of 
which one is the resource scope, does not work (auth not granted).


Scope set on resource to me means: this is all the things the resource 
owner is allowed to do with it.

Scope set on permission to me means: apply these policies if either of 
these scopes is needed. That does not seem to be the case though, according 
to point #2.


Can someone shed some light on how scope set on resource resolves against 
permission scope set?


Best regards, cen


