[keycloak-user] /authz/protection/permission/ticket usage?
Pedro Igor Silva
psilva at redhat.com
Fri Nov 9 08:36:49 EST 2018
Hi,
You can use "scopeName" and "requesterName" properties for that. Take a
look here:
https://github.com/keycloak/keycloak/blob/5cbe595fe3094aae8135b8f2c729e9af0cbdd076/core/src/main/java/org/keycloak/representations/idm/authorization/PermissionTicketRepresentation.java#L22
Regards.
Pedro Igor
On Fri, Nov 9, 2018 at 7:18 AM Ulrik Sjölin <ulrik.sjolin at gmail.com> wrote:
> Hello,
>
> I have a question on how to use the
> API: /authz/protection/permission/ticket
>
> I can call the endpoint successfully if I do the call with only ids:
>
> curl --silent -X POST \
> http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
> -H "Authorization: Bearer ${service_access_token}" \
> -H "Content-Type: application/json" \
> -d "{
> \"resource\":\"${resource_id}\",
> \"scope\":\"40065a35-02d5-4db9-be46-02566cf7a666\",
> \"requester\":\"79ae9a5a-0304-41ec-b721-d57a09d419cb\",
> \"granted\":\"true\"
> }"
>
> It would however be a lot more workable for me if I could use names like:
>
> curl --silent -X POST \
> http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket \
> -H "Authorization: Bearer ${service_access_token}" \
> -H "Content-Type: application/json" \
> -d "{
> \"resource\":\"${resource_id}\",
> \"scope\":\"Read\",
> \"requester\":\"alice\",
> \"granted\":\"true\"
> }"
>
> But when I do this I get:
>
> {"error":"invalid_scope","error_description":"Scope [Read] is invalid"}
> {"error":"invalid_permission","error_description":"Requester does not exists in this server as user."}
>
> Looking at the code there seems to be lookups from names to id, but
> for some reason it fails. What
> am I doing wrong? Any help is greatly appreciated.
>
> Best Regards,
>
> Ulrik Sjölin
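The reply above applied to the second request, as an added example that is not part of the original thread or of Keycloak: names go in `scopeName`/`requesterName`, ids stay in `scope`/`requester`. The helper function names are hypothetical, and treating every UUID-shaped value as an id is an assumption.

```shell
#!/bin/sh
# Added example: the helper names below are hypothetical, not part of Keycloak.

# Succeeds when $1 has the shape of a UUID, like the ids in the first request.
is_uuid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Control characters are not handled; names are assumed to be plain text.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the permission ticket body.
# $1 = resource id, $2 = scope (id or name), $3 = requester (id or name)
ticket_payload() {
  if is_uuid "$2"; then scope_key=scope; else scope_key=scopeName; fi
  if is_uuid "$3"; then requester_key=requester; else requester_key=requesterName; fi
  printf '{"resource":"%s","%s":"%s","%s":"%s","granted":"true"}' \
    "$(json_escape "$1")" \
    "$scope_key" "$(json_escape "$2")" \
    "$requester_key" "$(json_escape "$3")"
}

# POST the ticket. host, port, realm and service_access_token are the
# variables used in the original request and must be set by the caller.
create_ticket() {
  curl --silent -X POST \
    "http://${host}:${port}/auth/realms/${realm}/authz/protection/permission/ticket" \
    -H "Authorization: Bearer ${service_access_token}" \
    -H "Content-Type: application/json" \
    -d "$(ticket_payload "$1" "$2" "$3")"
}

# Usage: create_ticket "${resource_id}" Read alice
```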