[keycloak-user] Keycloak 4

Pedro Igor Silva psilva at redhat.com
Tue Jun 26 08:42:13 EDT 2018


Yeah, you can access those claims in a JS policy.

Regarding the "account management console" take a look here:
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_authorization_api_aapi

On Mon, Jun 25, 2018 at 1:28 PM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Ok, I see the "claim_token" parameter in the request.
> I guess you can retrieve those claims in a javascript rule, from the
> evaluation context.
>
> By the way, I still cannot figure out where is the "account management
> console", where user can manage users access (as per the release notes)??
>
> On Fri, Jun 22, 2018 at 7:09 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> The new form of obtaining entitlements relies solely on the token
>> endpoint just like when you are obtaining access tokens using other OAuth2
>> grant types. With that in mind the new format of the request should be an
>> HTTP POST + parameters. Check this documentation [1] for more details.
>>
>> Regarding pushing claims to your policies, there is a specific HTTP
>> parameter that you can use to pass a Base64 encoded JSON with the claims
>> you want to push.
>>
>> [1] https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions
>>
>>
>> On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Thanks Pedro, I went through the pull request.
>>> I'm not sure how to modify my entitlement requests?
>>> For example I have:
>>> curl -X POST -H "Content-Type: application/json" \
>>>     -H "Authorization: Bearer $TOKEN" -d '{
>>>     "permissions" : [
>>>         {
>>>             "resource_set_name" : "Sensors",
>>>             "scopes" : [
>>>                 "sensors:update"
>>>             ]
>>>         }
>>>     ]
>>> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>
>>> This call has been moved to uma-2, right?
>>> Can I add pushed claims to this call? What I'm imagining is:
>>>
>>> curl -X POST -H "Content-Type: application/json" \
>>>     -H "Authorization: Bearer $TOKEN" -d '{
>>>     "permissions" : [
>>>         {
>>>             "resource_set_name" : "Sensors",
>>>             "scopes" : [
>>>                 "sensors:update"
>>>             ]
>>>         }
>>>     ],
>>>     claims: ["owner": "cdupont"]
>>> }'  "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>
>>> In this example, I would like to push the owner of the sensor
>>> ("cdupont"), which I take from our own database before calling the API.
>>>
>>> Sorry about the questions, maybe I should just wait until the
>>> documentation is merged :)
>>>
>>>
>>>
>>> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have a few changes to docs that were not released because the PR [1]
>>>> was not merged on time. But you can check about pushed claims (if you are
>>>> using our adapters) here [2].
>>>>
>>>> Regards.
>>>> Pedro Igor
>>>>
>>>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>>>> [2] https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_claim_information_point
>>>>
>>>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>>>> corentin.dupont at gmail.com> wrote:
>>>>
>>>>> Hi guys,
>>>>> I'm playing with the new version of Keycloak (
>>>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>>>
>>>>> I have some questions:
>>>>> - where is the "account management console"?
>>>>> - How to use pushed claims? Which APIs are affected?
>>>>>
>>>>> Thanks!
>>>>> Corentin
>>>>>
>>>>
>>>>
>>>
>>
>
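
The request shape described in this thread (token endpoint, form parameters, Base64-encoded JSON in `claim_token`), as an added example that is not part of the original messages or of Keycloak's own code. The realm, client, resource and scope names are taken from the thread; the other parameter names and the list-valued claim shape follow Keycloak's "Obtaining Permissions" documentation, and `KC_URL` and both function names are assumptions.

```shell
#!/bin/sh
# Added example. Realm "waziup", client "waziup", resource "Sensors" and scope
# "sensors:update" come from the thread; KC_URL is an assumed default.
KC_URL="${KC_URL:-http://localhost:8080/auth}"

# Build the claim_token value: Base64 of a JSON object that maps each claim
# name to a list of strings. The owner value is restricted to a safe character
# set so that data read from the application database cannot break out of the
# string and inject additional JSON keys.
make_claim_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid owner value" >&2; return 1 ;;
    esac
    printf '{"owner":["%s"]}' "$1" | base64 | tr -d '\n'
}

# Ask the token endpoint for permissions on Sensors#sensors:update while
# pushing the owner claim. $1 = caller's access token, $2 = owner value.
# --data-urlencode is used because Base64 output may contain '+', '/' and '='.
request_sensor_update() {
    claim_token=$(make_claim_token "$2") || return 1
    curl -sS -X POST "$KC_URL/realms/waziup/protocol/openid-connect/token" \
        -H "Authorization: Bearer $1" \
        --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
        --data "audience=waziup" \
        --data-urlencode "permission=Sensors#sensors:update" \
        --data-urlencode "claim_token=$claim_token" \
        --data "claim_token_format=urn:ietf:params:oauth:token-type:jwt"
}
```

Call it as `request_sensor_update "$TOKEN" cdupont`. A claim pushed this way is asserted by the caller, so a policy that reads `owner` is only as trustworthy as the client allowed to send it.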

