[keycloak-user] Fwd: Keycloak 4
Corentin Dupont
corentin.dupont at gmail.com
Wed Jun 27 05:29:04 EDT 2018
OK, interesting: I didn't know about this console :)
I can access it with my "test" user, but I don't see the "My Resources"
menu entry (see screenshot).
I created some resources owned by that user (using the API). But they don't
show up.
What did I missed?
On Tue, Jun 26, 2018 at 2:42 PM, Pedro Igor Silva <psilva at redhat.com> wrote:
> Yeah, you can access those claims in a JS policy.
>
> Regarding the "account management console" take a look here:
> https://www.keycloak.org/docs/latest/authorization_ser
> vices/index.html#_service_authorization_api_aapi.
>
> On Mon, Jun 25, 2018 at 1:28 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Ok, I see the "claim_token" parameter in the request.
>> I guess you can retrieve those claims in a javascript rule, from the
>> evaluation context.
>>
>> By the way, I still cannot figure out where is the "account management
>> console", where user can manager users access (as per the release notes)??
>>
>> On Fri, Jun 22, 2018 at 7:09 PM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>>> The new form of obtaining entitlements relies solely on the token
>>> endpoint just like when you are obtaining access tokens using other OAuth2
>>> grant types. With that in mind the new format of the request should be a
>>> HTTP POST + parameters. Check this documentation [1] for more details.
>>>
>>> Regarding pushing claims to your policies, there is a specific HTTP
>>> parameter that you can use to pass a Base64 encoded JSON with the claims
>>> you want to push.
>>>
>>> [1] https://www.keycloak.org/docs/latest/authorization_servi
>>> ces/index.html#_service_obtaining_permissions
>>>
>>>
>>> On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>
>>>> Thanks Pedro, I went through the pull request.
>>>> I'm not sure how to modify my entitlement requests?
>>>> For example I have:
>>>> curl -X POST -H "Content-Type: application/json" -H "Authorization:
>>>> Bearer $TOKEN" -d '{
>>>> "permissions" : [
>>>> {
>>>> "resource_set_name" : "Sensors",
>>>> "scopes" : [
>>>> "sensors:update"
>>>> ]
>>>> }
>>>> ]
>>>> }' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>>
>>>> This call has been moved to uma-2, right?
>>>> Can I add pushed claims to this call? What I'm imagining is:
>>>>
>>>> curl -X POST -H "Content-Type: application/json" -H "Authorization:
>>>> Bearer $TOKEN" -d '{
>>>> "permissions" : [
>>>> {
>>>> "resource_set_name" : "Sensors",
>>>> "scopes" : [
>>>> "sensors:update"
>>>> ]
>>>> }
>>>> ],
>>>> claims: ["owner": "cdupont"]
>>>> }' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup"
>>>>
>>>> In this example, I would like to push the owner of the sensor
>>>> ("cdupont"), which I take from our own database before calling the API.
>>>>
>>>> Sorry about the questions, maybe I should just wait that the
>>>> documentation is merged :)
>>>>
>>>>
>>>>
>>>> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva at redhat.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We have a few changes to docs that were not released because the PR
>>>>> [1] was not merged on time. But you can check about pushed claims (if you
>>>>> are using our adapters) here [2].
>>>>>
>>>>> Regards.
>>>>> Pedro igor
>>>>>
>>>>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>>>>> [2] https://www.keycloak.org/docs/latest/authorization_servi
>>>>> ces/index.html#_enforcer_claim_information_point
>>>>>
>>>>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>>>>> corentin.dupont at gmail.com> wrote:
>>>>>
>>>>>> Hi guys,
>>>>>> I'm playing with the new version of Keycloak (
>>>>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>>>>
>>>>>> I have some questions:
>>>>>> - where is the "account management console"?
>>>>>> - How to use pushed claims? Which APIs are affected?
>>>>>>
>>>>>> Thanks!
>>>>>> Corentin
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot from 2018-06-27 11-17-38.png
Type: image/png
Size: 165461 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20180627/79dd6577/attachment-0001.png
More information about the keycloak-user
mailing list