[keycloak-user] Missing permissions

Pedro Igor Silva psilva at redhat.com
Fri Jan 18 05:36:55 EST 2019


Hi,

What if you try to obtain permissions by passing the resource id (instead
of asking for all permissions)? Can you check if it works? I remember some
limitations when obtaining all permissions due to performance issues. Not
sure if that is the case.

On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien at gmail.com>
wrote:

> I'm getting permissions from this request:
>
> curl -X POST \
>   http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
>   -H "Authorization: Bearer ${access_token}" \
>   --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>   --data "audience={resource_server_client_id}" \
>   --data "response_mode=permissions"
>
> Which gives me the good results when I use the Keycloak UI to share a resource.
>
> Then if I give permission using the Policy API:
>
> curl -X POST \
>   http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id} \
>   -H "Authorization: Bearer $access_token" \
>   -H 'Cache-Control: no-cache' \
>   -H 'Content-Type: application/json' \
>   -d '{
>         "name": "Any people manager",
>         "description": "Allow access to any people manager",
>         "scopes": ["read"],
>         "groups": ["/Managers/People Managers"]
> }'
>
>
> It works and I can see it in the Keycloak User panel or in the evaluate
> permission page, but the first request I mentioned does not include this
> permission in the response.
>
> Any idea?


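The check suggested in the reply, as an added example that is not part of the original thread: the same UMA ticket request, narrowed with Keycloak's repeatable `permission` form parameter (`RESOURCE_ID#SCOPE`), plus a test for whether the response lists a given resource. The function names, the `DRY_RUN` switch and all sample ids are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes access_token is already set
# in the environment, as in the requests quoted above.

# uma_permissions TOKEN_URL AUDIENCE [RESOURCE_ID[#SCOPE] ...]
# With no permission arguments this is the "all permissions" request from the
# thread; with arguments it asks only about those resources.
uma_permissions() {
  token_url=$1; audience=$2; shift 2
  n=$#
  for perm in "$@"; do
    # --data-urlencode so that '#' is sent as %23, not cut off as a fragment
    set -- "$@" --data-urlencode "permission=${perm}"
  done
  shift "$n"   # drop the raw permission strings, keep the curl arguments
  set -- --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
         --data-urlencode "audience=${audience}" \
         --data "response_mode=permissions" "$@"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"   # show the form fields without contacting the server
    return 0
  fi
  curl -sS -X POST "$token_url" \
    -H "Authorization: Bearer ${access_token}" "$@"
}

# response_has_resource JSON RESOURCE_ID
# True if a response_mode=permissions body contains an entry for the resource.
response_has_resource() {
  printf '%s' "$1" | tr -d ' \t\n' | grep -qF -- "\"rsid\":\"$2\""
}

# Dry run with constructed values: prints the fields that would be posted.
( DRY_RUN=1
  uma_permissions \
    "http://localhost:8180/auth/realms/photoz/protocol/openid-connect/token" \
    "example-resource-server" "example-resource-id#read" )
```

Comparing the output of a call with no permission arguments against a call naming the shared resource shows whether the entry is missing only from the "all permissions" response.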