[keycloak-user] Keycloak 4
Pedro Igor Silva
psilva at redhat.com
Wed Jun 27 09:36:45 EDT 2018
Think we are missing this in docs :)
You need to enable "User-Managed Access" in Realm Settings (General tab).
On Wed, Jun 27, 2018 at 6:20 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:
> OK, interesting: I didn't know about this console :)
> I can access it with my "test" user, but I don't see the "My Resources"
> menu entry (see screenshot).
> I created some resources owned by that user (using the API). But they
> don't show up.
> What did I missed?
>
> On Tue, Jun 26, 2018 at 2:42 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Yeah, you can access those claims in a JS policy.
>>
>> Regarding the "account management console" take a look here:
>> https://www.keycloak.org/docs/latest/authorization_ser
>> vices/index.html#_service_authorization_api_aapi.
>>
>> On Mon, Jun 25, 2018 at 1:28 PM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Ok, I see the "claim_token" parameter in the request.
>>> I guess you can retrieve those claims in a javascript rule, from the
>>> evaluation context.
>>>
>>> By the way, I still cannot figure out where is the "account management
>>> console", where user can manager users access (as per the release notes)??
>>>
>>> On Fri, Jun 22, 2018 at 7:09 PM, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> The new form of obtaining entitlements relies solely on the token
>>>> endpoint just like when you are obtaining access tokens using other OAuth2
>>>> grant types. With that in mind the new format of the request should be a
>>>> HTTP POST + parameters. Check this documentation [1] for more details.
>>>>
>>>> Regarding pushing claims to your policies, there is a specific HTTP
>>>> parameter that you can use to pass a Base64 encoded JSON with the claims
>>>> you want to push.
>>>>
>>>> [1] https://www.keycloak.org/docs/latest/authorization_servi
>>>> ces/index.html#_service_obtaining_permissions
>>>>
>>>>
>>>> On Fri, Jun 22, 2018 at 12:09 PM, Corentin Dupont <
>>>> corentin.dupont at gmail.com> wrote:
>>>>
>>>>> Thanks Pedro, I went through the pull request.
>>>>> I'm not sure how to modify my entitlement requests?
>>>>> For example I have:
>>>>> curl -X POST -H "Content-Type: application/json" -H "Authorization:
>>>>> Bearer $TOKEN" -d '{
>>>>> "permissions" : [
>>>>> {
>>>>> "resource_set_name" : "Sensors",
>>>>> "scopes" : [
>>>>> "sensors:update"
>>>>> ]
>>>>> }
>>>>> ]
>>>>> }' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup
>>>>> "
>>>>>
>>>>> This call has been moved to uma-2, right?
>>>>> Can I add pushed claims to this call? What I'm imagining is:
>>>>>
>>>>> curl -X POST -H "Content-Type: application/json" -H "Authorization:
>>>>> Bearer $TOKEN" -d '{
>>>>> "permissions" : [
>>>>> {
>>>>> "resource_set_name" : "Sensors",
>>>>> "scopes" : [
>>>>> "sensors:update"
>>>>> ]
>>>>> }
>>>>> ],
>>>>> claims: ["owner": "cdupont"]
>>>>> }' "http://localhost:8080/auth/realms/waziup/authz/entitlement/waziup
>>>>> "
>>>>>
>>>>> In this example, I would like to push the owner of the sensor
>>>>> ("cdupont"), which I take from our own database before calling the API.
>>>>>
>>>>> Sorry about the questions, maybe I should just wait that the
>>>>> documentation is merged :)
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 22, 2018 at 4:37 PM, Pedro Igor Silva <psilva at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We have a few changes to docs that were not released because the PR
>>>>>> [1] was not merged on time. But you can check about pushed claims (if you
>>>>>> are using our adapters) here [2].
>>>>>>
>>>>>> Regards.
>>>>>> Pedro igor
>>>>>>
>>>>>> [1] https://github.com/keycloak/keycloak-documentation/pull/402
>>>>>> [2] https://www.keycloak.org/docs/latest/authorization_servi
>>>>>> ces/index.html#_enforcer_claim_information_point
>>>>>>
>>>>>> On Wed, Jun 20, 2018 at 10:04 AM, Corentin Dupont <
>>>>>> corentin.dupont at gmail.com> wrote:
>>>>>>
>>>>>>> Hi guys,
>>>>>>> I'm playing with the new version of Keycloak (
>>>>>>> https://www.keycloak.org/docs/latest/release_notes/index.html)
>>>>>>>
>>>>>>> I have some questions:
>>>>>>> - where is the "account management console"?
>>>>>>> - How to use pushed claims? Which APIs are affected?
>>>>>>>
>>>>>>> Thanks!
>>>>>>> Corentin
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the keycloak-user
mailing list