[keycloak-user] Missing permissions

Geoffrey Cleaves geoff at opticks.io
Fri Jan 18 07:38:53 EST 2019


Vote for my feature request! ;)
https://issues.jboss.org/browse/KEYCLOAK-8915

On Fri, 18 Jan 2019 at 13:26, Julien Deruere <deruere.julien at gmail.com>
wrote:

> My goal is to fetch the list of resources on which I have permissions. If
> I can filter by type that would be even better. Is it possible?
>
> On Fri, 18 Jan 2019 at 05:37, Pedro Igor Silva <psilva at redhat.com> wrote:
>
> > Hi,
> >
> > What if you try to obtain permissions by passing the resource id (instead
> > of asking all permissions)? Can you check if it works? I remember some
> > limitations when obtaining all permissions due to performance issues. Not
> > sure if that is the case.
> >
> > On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere <deruere.julien at gmail.com>
> > wrote:
> >
> >> I'm getting permissions from this request:
> >>
> >> curl -X POST \
> >>   http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
> >>   -H "Authorization: Bearer ${access_token}" \
> >>   --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
> >>   --data "audience={resource_server_client_id}" \
> >>   --data "response_mode=permissions"
> >>
> >> Which gives me the good results when I use the Keycloak UI to share a
> >> resource.
> >>
> >> Then if I give permission using the Policy API:
> >>
> >> curl -X POST \
> >>   http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id} \
> >>   -H 'Authorization: Bearer '$access_token \
> >>   -H 'Cache-Control: no-cache' \
> >>   -H 'Content-Type: application/json' \
> >>   -d '{
> >>         "name": "Any people manager",
> >>         "description": "Allow access to any people manager",
> >>         "scopes": ["read"],
> >>         "groups": ["/Managers/People Managers"]
> >> }'
> >>
> >>
> >> It works and I can see it in the Keycloak User panel or in the evaluate
> >> permission page, but the first request I mentioned does not include this
> >> permission in the response.
> >>
> >> Any idea?
> >>
> > _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >



-- 

Regards,
Geoffrey Cleaves
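
Pedro's suggestion in the thread (ask for specific resources instead of all permissions), as an added example that is not part of the original messages: Keycloak's token endpoint accepts a repeatable `permission` form parameter in the form `RESOURCE_ID#SCOPE` on the UMA ticket grant. The client id, resource ids and sample response below are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def build_permission_query(audience, resource_ids, scope=None):
    """Form body asking for specific resources instead of all permissions."""
    params = [
        ("grant_type", UMA_GRANT),
        ("audience", audience),
        ("response_mode", "permissions"),
    ]
    for rid in resource_ids:
        # "permission" may repeat; each value is RESOURCE_ID or RESOURCE_ID#SCOPE.
        params.append(("permission", f"{rid}#{scope}" if scope else rid))
    return urllib.parse.urlencode(params)


def missing_grants(permissions, expected):
    """Return the expected (resource_id, scope) pairs absent from the response."""
    granted = {(p["rsid"], s) for p in permissions for s in p.get("scopes", [])}
    return sorted(set(expected) - granted)


def fetch_permissions(token_url, access_token, body):
    """POST the query to the realm token endpoint (not called here: runs offline)."""
    req = urllib.request.Request(
        token_url,
        data=body.encode(),
        headers={"Authorization": f"Bearer {access_token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample of a response_mode=permissions reply (ids are made up).
SAMPLE_RESPONSE = json.loads(
    '[{"rsid": "res-album-1", "rsname": "Album 1", "scopes": ["read"]}]'
)

if __name__ == "__main__":
    # "my-resource-server" is a placeholder client id, not one from the thread.
    print(build_permission_query("my-resource-server", ["res-album-1", "res-album-2"], "read"))
    print(missing_grants(SAMPLE_RESPONSE, [("res-album-1", "read"), ("res-album-2", "read")]))
```

Comparing the pairs returned by `missing_grants` against what the Policy API call was meant to grant shows which permissions the token endpoint is not returning.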

