[keycloak-user] rest api to get resource permission evalauted
Suresh Mali
sursma at yahoo.com
Mon Jan 7 15:11:05 EST 2019
I have created resources via api for a users {kc-host}:{kc-port}/auth/realms/{realm}/authz/protection/resource_set/
I have created policy which decides based on the relation between the resource owner and identity user
like thisvar identity_user = $evaluation.context.identity.id;var resource_owner = $evaluation.permission.resource.getOwner();
var identity_user_attrs = $evaluation.realm.getUserAttributes(resource_owner) ;var allowed_agents = identity_user_attrs.allowed_agents ;if ( resource_owner == identity_user ){ $evaluation.grant(); }else if (allowed_agents !== null && allowed_agents[0].indexOf(identity_user) > -1 ) { $evaluation.grant();}
else { $evaluation.deny();}
I am able to evaluate the permission for various users & (agent users) on keycloak admin console in realm->client->autherization->evaluation tab It is evaluating properly
How can I get same permission/ deny from a rest api so that I can call from my client on behalf of identity user with identity users access token as autherization (or other method or autherization)
either simple permitted/deny or "permissions": [ { "scopes": [ "read" ], "rsid": "e1617f7c-dffe-42c9-b91f-476e8a810c4a", "rsname": "kyc1" } ]
kind of output is required
I tried {kc-host}:{kc-port}/auth/realms/{realm}//authz/protection/permission
I get opaque permission ticket, how can I decode this?
thank you Suresh
More information about the keycloak-user
mailing list