[keycloak-user] Missing permissions

Julien Deruere deruere.julien at gmail.com
Fri Jan 18 08:50:11 EST 2019


Voted, it's exactly what I need

On Fri, Jan 18, 2019 at 08:44, Pedro Igor Silva <psilva at redhat.com>
wrote:

> Ok, Geoffrey. You won :) That should be delivered as soon as we start
> developing new features earlier this year.
>
> On Fri, Jan 18, 2019 at 10:39 AM Geoffrey Cleaves <geoff at opticks.io>
> wrote:
>
>> Vote for my feature request! ;)
>> https://issues.jboss.org/browse/KEYCLOAK-8915
>>
>> On Fri, 18 Jan 2019 at 13:26, Julien Deruere <deruere.julien at gmail.com>
>> wrote:
>>
>>> My goal is to fetch the list of resources on which I have permissions.
>>> If I can filter by type that would be even better. Is it possible?
>>>
>>> On Fri, Jan 18, 2019 at 05:37, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>> > Hi,
>>> >
>>> > What if you try to obtain permissions by passing the resource id
>>> > (instead of asking all permissions)? Can you check if it works? I
>>> > remember some limitations when obtaining all permissions due to
>>> > performance issues. Not sure if that is the case.
>>> >
>>> > On Thu, Jan 17, 2019 at 6:45 PM Julien Deruere
>>> > <deruere.julien at gmail.com> wrote:
>>> >
>>> >> I'm getting permissions from this request:
>>> >>
>>> >> curl -X POST \
>>> >>   http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
>>> >>   -H "Authorization: Bearer ${access_token}" \
>>> >>   --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
>>> >>   --data "audience={resource_server_client_id}" \
>>> >>   --data "response_mode=permissions"
>>> >>
>>> >> Which gives me the good results when I use Keycloak UI to share a
>>> >> resource.
>>> >>
>>> >> Then if I give permission using the Policy API:
>>> >>
>>> >> curl -X POST \
>>> >>   http://localhost:8180/auth/realms/photoz/authz/protection/uma-policy/{resource_id} \
>>> >>   -H "Authorization: Bearer $access_token" \
>>> >>   -H 'Cache-Control: no-cache' \
>>> >>   -H 'Content-Type: application/json' \
>>> >>   -d '{
>>> >>         "name": "Any people manager",
>>> >>         "description": "Allow access to any people manager",
>>> >>         "scopes": ["read"],
>>> >>         "groups": ["/Managers/People Managers"]
>>> >> }'
>>> >>
>>> >>
>>> >> It works and I can see it in the Keycloak User panel or in the
>>> >> evaluate permission page, but the first request I mentioned does not
>>> >> include this permission in the response.
>>> >>
>>> >> Any idea?
>>> >>
>>> > _______________________________________________
>>> >> keycloak-user mailing list
>>> >> keycloak-user at lists.jboss.org
>>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> >>
>>> >
>>
>>
>>
>> --
>>
>> Regards,
>> Geoffrey Cleaves

