[keycloak-user] UMA Share Resource with a User via AuthZ Client
Christian Sandmeier
Christian.Sandmeier at vivai.de
Tue Jan 8 11:57:20 EST 2019
Hi All,
First of all, thanks for the great work. I have been using Keycloak in a
project for a couple of months now and really like it.
I started to try out the UMA 2.0 flow because it would be very nice to be able to share a resource with other users.
Given the following 4 steps, I don't understand why the permissions are not in the RPT.
// Code for steps 1 and 2 taken from here
// https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
// Code for steps 3 and 4 taken from here
// https://www.keycloak.org/docs/latest/authorization_services/index.html#obtaining-user-entitlements
// Imports needed by the four snippets (Keycloak AuthZ client and representation classes)
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.authorization.client.resource.ProtectionResource;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.AuthorizationResponse;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;
1) Creating a resource "Resource A" with owner "demo"
// getAuthzClient() is the helper from the linked test class; it builds an AuthzClient
// for the resource server from its client credentials, like AuthzClient.create() in step 3
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Resource A");
resource.setOwnerManagedAccess(true); // required for the owner to share the resource via UMA
resource.setOwner("demo");
resource.addScope("Scope A");
// Registered through the protection API, i.e. with the resource server's PAT
resource = getAuthzClient().protection().resource().create(resource);
2) Creating the user permission for user "test"
UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
newPermission.setName("User-Managed Permission");
newPermission.setDescription("User is allowed to access");
newPermission.addScope("Scope A");
newPermission.addUser("test");
// The policy is created on behalf of the owner, so the protection API is used with the owner's credentials
ProtectionResource protection = getAuthzClient().protection("demo", "demo");
UmaPermissionRepresentation permission = protection.policy(resource.getId()).create(newPermission);
3) Getting an RPT for the user "test" for all resources
// AuthzClient.create() reads keycloak.json from the classpath;
// an empty AuthorizationRequest asks the server for every permission the user has
AuthzClient authzClient = AuthzClient.create();
AuthorizationRequest request = new AuthorizationRequest();
AuthorizationResponse response = authzClient.authorization("test", "test").authorize(request);
String rpt = response.getToken();
4) Listing the permissions
// Introspection returns the permissions the server put into the RPT
TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
System.out.println("Token status is: " + requestingPartyToken.getActive());
System.out.println("Permissions granted by the server: ");
for (Permission granted : requestingPartyToken.getPermissions()) {
    System.out.println(granted);
}
The resource and permission are saved correctly; I can read them via the AuthZ client,
but now I would assume that the permission is in the RPT of the user "test".
Is this assumption maybe already incorrect and I got a bit lost? Or is there probably a
problem in my code, because the permission should be listed there?
Btw, if I skip step 2) and instead share the resource with the user on the "Keycloak -> My Account -> My Resources" page, it works. But not
with the UmaPermissionRepresentation.
Thank you in Advance
Best regards,
Christian Sandmeier
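The following is an added example for the check a practitioner would run on a setup like the one above; it is not code from the original post or from the Keycloak project. It varies steps 3 and 4: instead of an empty AuthorizationRequest it asks for "Resource A" / "Scope A" explicitly, so that a missing grant surfaces as an AuthorizationDeniedException rather than as an RPT that silently omits the resource, and it first lists the user-managed policies the server has stored for the resource, which separates "the policy was never persisted" from "the policy exists but evaluation did not grant it". The realm, the users "demo" and "test" with their passwords, a keycloak.json on the classpath and the resource id returned by step 1 are assumptions.

```java
import java.util.List;

import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.authorization.client.resource.ProtectionResource;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.AuthorizationResponse;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.UmaPermissionRepresentation;

// Added example, not from the original post: diagnoses why a UMA share does not show up in an RPT.
public class UmaShareCheck {

    public static void main(String[] args) {
        // Reads keycloak.json (auth-server-url, realm, client id and secret) from the classpath.
        AuthzClient authzClient = AuthzClient.create();

        // Assumption: the id of "Resource A" as returned by protection().resource().create(...) in step 1.
        String resourceId = args.length > 0 ? args[0] : "<resource id from step 1>";

        // 1) What the server has stored for this resource, seen as the owner (credentials as in step 2).
        //    An empty list means the policy from step 2 was never persisted; a non-empty list means the
        //    policy exists and the problem is in how the RPT request is evaluated.
        ProtectionResource ownerProtection = authzClient.protection("demo", "demo");
        List<UmaPermissionRepresentation> policies =
                ownerProtection.policy(resourceId).find(resourceId, null, null, null);
        System.out.println("User-managed policies on " + resourceId + ": " + policies.size());
        for (UmaPermissionRepresentation p : policies) {
            System.out.println("  " + p.getName() + " users=" + p.getUsers() + " scopes=" + p.getScopes());
        }

        // 2) Ask for exactly this resource and scope instead of sending an empty request.
        AuthorizationRequest request = new AuthorizationRequest();
        request.addPermission(resourceId, "Scope A");

        String rpt;
        try {
            AuthorizationResponse response = authzClient.authorization("test", "test").authorize(request);
            rpt = response.getToken();
        } catch (AuthorizationDeniedException e) {
            // Explicit denial: the server evaluated the request and found no grant for "test" on this
            // resource and scope, so the stored policy (if any) did not match this user or scope.
            System.out.println("Denied for user test: " + e.getMessage());
            return;
        }

        // 3) Introspect the RPT and check that the expected grant is really in it.
        TokenIntrospectionResponse introspection =
                authzClient.protection().introspectRequestingPartyToken(rpt);
        boolean granted = false;
        for (Permission perm : introspection.getPermissions()) {
            System.out.println("  " + perm.getResourceName() + " " + perm.getScopes());
            if (resourceId.equals(perm.getResourceId()) && perm.getScopes().contains("Scope A")) {
                granted = true;
            }
        }
        System.out.println("Scope A on " + resourceId + " granted to test: " + granted);
    }
}
```

Run it with the resource id from step 1 as the only argument. A denial in step 2 of this program together with a non-empty policy list in step 1 narrows the problem to the policy contents (user or scope not matching), while an empty policy list points at the create call in the original step 2.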