[keycloak-user] shared UMA 2.0 resource & scope based policies
Pedro Igor Silva
psilva at redhat.com
Wed Jan 16 07:13:56 EST 2019
Thanks. I think we are on the same page then. Created
https://issues.jboss.org/browse/KEYCLOAK-9337.
Please, for now, ignore that result and consider the set of the actual
granted permissions.
Regards.
Pedro Igor
On Wed, Jan 16, 2019 at 10:02 AM Marek Lindner <mareklindner at neomailbox.ch>
wrote:
> On Wednesday, 16 January 2019 19:58:30 HKT Pedro Igor Silva wrote:
> > Now I see. The result is giving a false-positive but the set of granted
> > permissions should be correct.
> >
> > To check that, could you click "Show Authorization Data" link on the top
> of
> > the result page and see how the permissions look like in the generated
> > token? You should see:
> >
> > "authorization": {
> > "permissions": [
> > {
> > "scopes": [
> > "album:view"
> > ],
> > "rsid": "7e1ae12b-e733-4090-9f84-8242f9192288",
> > "rsname": "Amazing sunsets"
> > }
> > ]
> > },
>
> Bob's album:view:
>
> "authorization": {
> "permissions": [
> {
> "scopes": [
> "album:view"
> ],
> "rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
> "rsname": "Amazing sunsets"
> }
> ]
> }
>
> Bob's album:modify (false-positive):
>
> "authorization": {
> "permissions": [
> {
> "scopes": [
> "album:view"
> ],
> "rsid": "2e93c0ea-d5e3-4538-bdf1-47f3c5c67e9b",
> "rsname": "Amazing sunsets"
> }
> ]
> }
>
> Regards,
> Marek
>
More information about the keycloak-user
mailing list