[keycloak-user] Policy API endpoint lacks crucial information (in my opinion ; )
Pedro Igor Silva
psilva at redhat.com
Mon Nov 19 07:54:45 EST 2018
We should return the resource too, not only the scopes. Created
https://issues.jboss.org/browse/KEYCLOAK-8867 to include the resource id in the
responses.
Regards.
Pedro Igor
On Mon, Nov 19, 2018 at 10:03 AM Geoffrey Cleaves <geoff at opticks.io> wrote:
> Hi. When querying the
> http://${host}:${post}/auth/realms/${realm}/authz/protection/uma-policy
> endpoint I get a response similar to this:
>
> [
>   {
>     "id": "6d5ffed7-5f1c-4b43-b2a8-986528aaee92",
>     "name": "b189864a-754e-4b5d-9c5b-f36fd9aad102",
>     "type": "uma",
>     "scopes": [
>       "campaign:view"
>     ],
>     "logic": "POSITIVE",
>     "decisionStrategy": "UNANIMOUS",
>     "owner": "45cb05ba-5485-459e-9cfc-25128adb1854",
>     "users": [
>       "user at domain.com"
>     ]
>   }
> ]
>
> The problem here is that we don't know what resource this policy applies
> to. As far as I know, there is no way to extract that information. Please
> let me know if I am missing something.
>
> I tried inspecting the network calls that the Admin Console does when
> listing a user's UMA policies, but unfortunately for me the information
> seems to be rendered server side instead of using the UMA REST API.
>
> The goal is to recreate and enhance the Keycloak supplied UMA My Resources
> functionality.