[keycloak-user] shared UMA 2.0 resource & scope based policies
Marek Lindner
mareklindner at neomailbox.ch
Wed Jan 16 07:01:56 EST 2019
On Wednesday, 16 January 2019 19:58:30 HKT Pedro Igor Silva wrote:
> Now I see. The result is giving a false-positive but the set of granted
> permissions should be correct.
>
> To check that, could you click "Show Authorization Data" link on the top of
> the result page and see how the permissions look like in the generated
> token? You should see:
>
> "authorization": {
> "permissions": [
> {
> "scopes": [
> "album:view"
> ],
> "rsid": "7e1ae12b-e733-4090-9f84-8242f9192288",
> "rsname": "Amazing sunsets"
> }
> ]
> },
Bob's album:view:
"authorization": {
"permissions": [
{
"scopes": [
"album:view"
],
"rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
"rsname": "Amazing sunsets"
}
]
}
Bob's album:modify (false-positive):
"authorization": {
"permissions": [
{
"scopes": [
"album:view"
],
"rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
"rsname": "Amazing sunsets"
}
]
}
Regards,
Marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190116/668b5fe9/attachment.bin
More information about the keycloak-user
mailing list