[keycloak-user] Entitlement request with additional parameters

Corentin Dupont corentin.dupont at gmail.com
Mon Jun 18 11:08:50 EDT 2018


Hi Pedro,
I see pushed claims (and 4.0.0 release) has landed, congratulations!
It's not clear for me how to use them... Is there some doc?
Can I continue to use the old entitlement API? Or should I switch to UMA?

Best,
Corentin

On Tue, Apr 10, 2018 at 2:20 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> Hi Corentin,
>
> We are adding support for "pushed claims". That is the main task I'm
> working with right now.
>
> If you want to track the changes being made and provide any feedback,
> please watch https://issues.jboss.org/browse/KEYCLOAK-4903. So far, I
> have enabled pushing claims when using UMA and permission tickets. As you
> might know, with the introduction of UMA 2.0 there is no specific endpoint
> for entitlements anymore. Now permissions are evaluated using the token
> endpoint. Next step is enable "pushed claims" to non-UMA requests (without
> permission tickets, just like the old entitlement api).
>
> On Tue, Apr 10, 2018 at 8:09 AM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi guys,
>> I use the entitlement API to check access control on my resources. Here I
>> check if a user can update a sensor:
>>
>> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer
>> $TOKEN" -d '{
>>     "permissions" : [
>>         {
>>             "resource_set_name" : "Sensors",
>>             "scopes" : [
>>                 "sensors:update"
>>             ]
>>         }
>>     ]
>> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>
>>
>> But I would like to make complex policies that check additional
>> parameters,
>> such as sensor status etc.
>> How can I pass along the additional parameters to the request, and use
>> them
>> in my policies? I use javascript policies mainly.
>>
>> Thanks
>> Corentin
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


More information about the keycloak-user mailing list