[keycloak-user] Keycloak 4

Corentin Dupont corentin.dupont at gmail.com
Mon Jun 25 12:28:47 EDT 2018


Ok, I see the "claim_token" parameter in the request.
I guess you can retrieve those claims in a javascript rule, from the
evaluation context.

By the way, I still cannot figure out where the "account management
console" is, where users can manage user access (as per the release notes)??

On Fri, Jun 22, 2018 at 7:09 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> The new form of obtaining entitlements relies solely on the token endpoint
> just like when you are obtaining access tokens using other OAuth2 grant
> types. With that in mind the new format of the request should be a HTTP
> POST + parameters. Check this documentation [1] for more details.
>
> Regarding pushing claims to your policies, there is a specific HTTP
> parameter that you can use to pass a Base64 encoded JSON with the claims
> you want to push.
>
> [1] https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions
>
>
> On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Thanks Pedro, I went through the pull request.
>> I'm not sure how to modify my entitlement requests?
>> For example I have:
>> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '{
>>     "permissions" : [
>>         {
>>             "resource_set_name" : "Sensors",
>>             "scopes" : [
>>                 "sensors:update"
>>             ]
>>         }
>>     ]
>> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>
>> This call has been moved to uma-2, right?
>> Can I add pushed claims to this call? What I'm imagining is:
>>
>> curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '{
>>     "permissions" : [
>>         {
>>             "resource_set_name" : "Sensors",
>>             "scopes" : [
>>                 "sensors:update"
>>             ]
>>         }
>>     ],
>>     claims: ["owner": "cdupont"]
>> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>
>> In this example, I would like to push the owner of the sensor
>> ("cdupont"), which I take from our own database before calling the API.
>>
>> Sorry about the questions, maybe I should just wait until the
>> documentation is merged :)
>>
>>
>>
>> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> We have a few changes to docs that were not released because the PR [1]
>>> was not merged on time. But you can check about pushed claims (if you are
>>> using our adapters) here [2].
>>>
>>> Regards.
>>> Pedro Igor
>>>
>>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>>> [2] https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_claim_information_point
>>>
>>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>
>>>> Hi guys,
>>>> I'm playing with the new version of Keycloak (
>>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>>
>>>> I have some questions:
>>>> - where is the "account management console"?
>>>> - How to use pushed claims? Which APIs are affected?
>>>>
>>>> Thanks!
>>>> Corentin
>>>>
>>>
>>>
>>
>
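The form-encoded token-endpoint request described above, with the owner claim pushed through `claim_token`, as an added example that is not part of the thread and not Keycloak project code. Assumptions: the endpoint path and parameter names follow the Keycloak Authorization Services documentation linked as [1], the audience `waziup` is taken from the last segment of the old entitlement URL, and claim values are sent as arrays of strings.

```shell
#!/bin/sh
# Added example: Keycloak 4 permission request with a pushed claim.
# Realm, resource, scope and owner are the values used in this thread.
KC_TOKEN_URL="http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"

# Build the claims JSON for one owner. The value is interpolated into JSON,
# so anything outside a conservative character set is rejected, not escaped.
owner_claims() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid owner" >&2; return 1 ;;
    esac
    printf '{"owner": ["%s"]}' "$1"
}

# Encode a claims document as the single-line Base64 value for claim_token.
encode_claims() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a claim_token back to JSON (handy when debugging a policy).
decode_claims() {
    printf '%s' "$1" | base64 -d
}

# Request permission for Sensors#sensors:update, pushing the owner claim.
# $1 = caller's access token, $2 = owner looked up in the application's database
request_permission() {
    claims=$(owner_claims "$2") || return 1
    # --data-urlencode matters: Base64 output can contain '+', '/' and '='.
    curl -sS -X POST "$KC_TOKEN_URL" \
        -H "Authorization: Bearer $1" \
        --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
        --data-urlencode "audience=waziup" \
        --data-urlencode "permission=Sensors#sensors:update" \
        --data-urlencode "claim_token=$(encode_claims "$claims")" \
        --data-urlencode "claim_token_format=urn:ietf:params:oauth:token-type:jwt"
}
```

Pushed claims are asserted by the caller, so a JavaScript policy that reads `owner` from the evaluation context is only as trustworthy as the client permitted to send it.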

