[keycloak-user] RPT can not be issued to resource owner

Pedro Igor Silva psilva at redhat.com
Wed Jul 18 10:10:55 EDT 2018


Could you file a JIRA for this, please? Let's see what others think about
it ...

Thanks.

On Wed, Jul 18, 2018 at 9:53 AM, stefan.wachter <stefan.wachter at bosch-si.com> wrote:

> Agree. However, if a resource owner does not have enough grants by default
> then the approval mechanism should kick in. This is at least what the
> response error "request_submitted" indicates.
>
> Best regards,
>
>
> *Stefan Wachter INST-ICM/BSV-BS*
>
> Tel.  +49(711)811-58477
>
> On 18.07.2018 at 14:11, Pedro Igor Silva wrote:
>
> The owner of a resource does not necessarily grant access to the
> resource. So, yeah, you need some policy to actually define who can access
> (the owner) the resource. I'm not sure if it makes sense for owners to approve
> requests to access their resources though.
>
> On Wed, Jul 18, 2018 at 6:30 AM, stefan.wachter <
> stefan.wachter at bosch-si.com> wrote:
>
>> As a work-around I added a policy that authorizes resource owners:
>>
>> if ($evaluation.getContext().getIdentity().getId() ==
>> $evaluation.getPermission().getResource().getOwner()) $evaluation.grant()
>>
>> and a permission that uses that policy.
>>


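The owner-only work-around quoted in the thread can be exercised offline against the cases it must grant and must not grant. The following is an added example, not part of the thread and not Keycloak code: makeEvaluation, threadPolicy, strictOwnerPolicy and decide are hypothetical names, and the mock copies only the $evaluation calls that appear in the quoted policy, plus deny().

```javascript
// Hypothetical stand-in for Keycloak's $evaluation object (not Keycloak code);
// it mimics only the getters and grant()/deny() used by the policy in the thread.
function makeEvaluation(identityId, ownerId) {
  let decision = "UNDECIDED";
  return {
    getContext: () => ({ getIdentity: () => ({ getId: () => identityId }) }),
    getPermission: () => ({ getResource: () => ({ getOwner: () => ownerId }) }),
    grant: () => { decision = "GRANT"; },
    deny: () => { decision = "DENY"; },
    result: () => decision,
  };
}

// The work-around as posted: loose equality, no explicit deny.
function threadPolicy($evaluation) {
  if ($evaluation.getContext().getIdentity().getId() ==
      $evaluation.getPermission().getResource().getOwner()) $evaluation.grant();
}

// Stricter variant (added here): both IDs must be non-empty strings and identical.
function strictOwnerPolicy($evaluation) {
  const requester = $evaluation.getContext().getIdentity().getId();
  const owner = $evaluation.getPermission().getResource().getOwner();
  const valid = typeof requester === "string" && requester.length > 0;
  if (valid && requester === owner) $evaluation.grant();
  else $evaluation.deny();
}

// Run one policy against one (requester, owner) pair and return the decision.
function decide(policy, identityId, ownerId) {
  const evaluation = makeEvaluation(identityId, ownerId);
  policy(evaluation);
  return evaluation.result();
}

// Constructed sample IDs, not taken from any real realm.
const cases = [
  ["alice-id", "alice-id"], // owner requests own resource
  ["bob-id", "alice-id"],   // someone else requests it
  [null, null],             // both IDs missing
];
for (const [requester, owner] of cases) {
  console.log(requester, owner,
    decide(threadPolicy, requester, owner),
    decide(strictOwnerPolicy, requester, owner));
}
```

In this mock the posted comparison grants when both IDs are null, while the stricter variant denies; whether either ID can actually be missing depends on the deployment.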