[keycloak-user] /authz/protection/permission/ticket usage?
Ulrik Sjölin
ulrik.sjolin at gmail.com
Fri Nov 9 04:15:07 EST 2018
Hello,
I have a question on how to use the API: /authz/protection/permission/ticket
I can call the endpoint successfully if I do the call with only ids:
curl --silent -X POST \
  http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
  -H "Authorization: Bearer ${service_access_token}" \
  -H "Content-Type: application/json" \
  -d "{
    \"resource\":\"${resource_id}\",
    \"scope\":\"40065a35-02d5-4db9-be46-02566cf7a666\",
    \"requester\":\"79ae9a5a-0304-41ec-b721-d57a09d419cb\",
    \"granted\":\"true\"
  }"
It would however be a lot more workable for me if I could use names like:
curl --silent -X POST \
  http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
  -H "Authorization: Bearer ${service_access_token}" \
  -H "Content-Type: application/json" \
  -d "{
    \"resource\":\"${resource_id}\",
    \"scope\":\"Read\",
    \"requester\":\"alice\",
    \"granted\":\"true\"
  }"
But when I do this I get:
{"error":"invalid_scope","error_description":"Scope [Read] is invalid"}
{"error":"invalid_permission","error_description":"Requester does not exists in this server as user."}
Looking at the code there seem to be lookups from names to ids, but for some reason it fails. What am I doing wrong? Any help is greatly appreciated.
Best Regards,
Ulrik Sjölin
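A way to drive the same endpoint from a script that accepts either ids or names, as an added example that is not code from the post or from Keycloak. It assumes, which the post does not confirm, that the permission ticket representation accepts `scopeName` and `requesterName` as alternatives to the id fields `scope` and `requester`, and that ids are UUIDs while anything else is a name; the URL path and bearer header are the ones the post uses, `granted` is sent as a JSON boolean rather than the string "true", and `canned_opener` together with the responses it returns is a constructed stand-in for `urlopen` so the exchange runs offline.

```python
"""Create a Keycloak UMA permission ticket from either ids or names.

Added example, not code from the post or from Keycloak. It assumes (the
post does not confirm it) that the ticket representation accepts
"scopeName" and "requesterName" as alternatives to the id fields "scope"
and "requester". The endpoint path and the bearer-token header are the
ones used in the post. canned_opener() is a constructed stand-in for
urllib's urlopen so the exchange can be run offline.
"""
import io
import json
import re
import urllib.error
import urllib.request

# Assumption: Keycloak resource, scope and user ids are UUIDs; anything else is a name.
_UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)


def is_uuid(value: str) -> bool:
    return bool(_UUID_RE.match(value))


def ticket_body(resource_id: str, scope: str, requester: str, granted: bool = False) -> dict:
    """Build the request body: an id goes into "scope"/"requester", a name into
    the assumed "scopeName"/"requesterName" fields. The resource is required as
    an id, which is what the post's working call uses."""
    if not is_uuid(resource_id):
        raise ValueError(f"resource must be a resource id (UUID), got {resource_id!r}")
    body = {"resource": resource_id, "granted": granted}  # JSON boolean, not the string "true"
    body["scope" if is_uuid(scope) else "scopeName"] = scope
    body["requester" if is_uuid(requester) else "requesterName"] = requester
    return body


def create_ticket(base_url: str, realm: str, pat: str, body: dict, opener=urllib.request.urlopen):
    """POST the ticket with the resource server's protection API token (PAT).
    Returns (http_status, parsed_json); Keycloak's error JSON is returned
    rather than raised so callers can inspect "error"/"error_description"."""
    url = f"{base_url}/auth/realms/{realm}/authz/protection/permission/ticket"
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {pat}", "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def explain(status: int, payload: dict) -> str:
    """One-line summary built from the error JSON shape quoted in the post."""
    if status < 400:
        return "ticket created: " + str(payload.get("id", "<no id in response>"))
    return f"{payload.get('error', 'error')}: {payload.get('error_description', '')}"


def canned_opener(status: int, payload: dict):
    """Constructed stand-in for urlopen: answers every request with a fixed
    status and JSON body instead of contacting a Keycloak server."""
    raw = json.dumps(payload).encode()

    class _Response(io.BytesIO):
        def __init__(self, req):
            super().__init__(raw)
            self.request = req
            self.status = status

    def _open(req):
        if status >= 400:
            raise urllib.error.HTTPError(req.full_url, status, "error", {}, io.BytesIO(raw))
        return _Response(req)

    return _open


if __name__ == "__main__":
    # Constructed resource id plus names, mirroring the post's second call.
    body = ticket_body("00000000-0000-4000-8000-000000000001", "Read", "alice", granted=True)
    print(json.dumps(body))
    # Replay the two errors quoted in the post as constructed responses.
    for err in (
        {"error": "invalid_scope", "error_description": "Scope [Read] is invalid"},
        {"error": "invalid_permission",
         "error_description": "Requester does not exists in this server as user."},
    ):
        status, payload = create_ticket("http://localhost:8080", "demo", "pat", body,
                                        opener=canned_opener(400, err))
        print(explain(status, payload))
```

Run it against a live server by replacing `canned_opener(...)` with the default `urlopen` and passing a real PAT; the body builder is the part worth keeping, since it stops a name from ever landing in the id field, which is what produces the two errors the post quotes.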