[keycloak-user] UMA and large resource sets
Asbjørn Dyhrberg Thegler
asbjoern at gmail.com
Wed Aug 21 07:11:11 EDT 2019
Hello there,

I am implementing a Node.js resource server and I currently struggle with
figuring out how to let a user list all their resources from a specific
resource set.

For example, a user can GET /activities and get all their own activities,
but not other users'. I am not certain of how to create a UMA permission
ticket for that request, since I don't already know the IDs of the user's
activities. Further, the user could have access to other users' activities
through resource sharing. This list is potentially very large (as in
thousands of IDs), and I don't imagine putting that large a JWT in a header
is a good idea either.

What is the recommended way to handle this?

I am wondering if I should let the resource server itself query Keycloak
for a list of IDs for all its own activities and activities shared with the
user - but I can't seem to figure out what API endpoint lets me do
this in Keycloak 6.0.1, since the Entitlement API has been deprecated.

Thanks for your help, I really enjoy working with Keycloak so far. :)

Regards, Asbjørn