[keycloak-user] Unspecified behavior of token endpoint when obtaining permissions
Geoffrey Cleaves
geoff at opticks.io
Wed Nov 14 02:26:42 EST 2018
Sounds like a bug. I know there is a bug in the policy evaluation code that
can result in some permissions being missed and I understand that it will
be fixed in 4.6.
That being said, when I request all the permissions for the token's owner,
I do get the expected result except for some missing scopes due to said
bug. Are you sure your policies are built correctly? Did you build a policy
granting permissions to resource owners?
On Wed, Nov 14, 2018, 00:52 Lamina, Marco <marco.lamina at sap.com wrote:
> Hi,
> I am trying to use Keycloak’s token endpoint to obtain a list of all
> resources and the respective scopes that a user has permission to access.
> However, the behavior I am observing does not match what is described in
> the documentation (Link [1]). I am using the token endpoint as shown in
> Link [2].
>
> Expected behavior:
> Token endpoint returns a list of all resources and scopes that the token’s
> user has permission to access.
>
> Observed behavior:
> Token endpoint only returns resources that are owned by either the token’s
> user or the resource server itself. Resources owned by other users are not
> listed, even though the token’s user has permission to access them.
>
> Is that a bug or expected behavior?
>
> Links:
>
> [1]
> https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions
> [2]
> https://issues.jboss.org/browse/KEYCLOAK-8768?focusedCommentId=13658545&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13658545
>
> Thanks,
> Marco
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list