[keycloak-user] "Resource type" permissions and ownership
Corentin Dupont
corentin.dupont at gmail.com
Mon May 6 06:26:44 EDT 2019
Hi guys,

any idea on that? By the way, how do I retrieve permissions based on the
resource type using the API?
I see no options to do that in the current API.
For instance in this request:

curl -X POST \
  http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
  -H "Authorization: Bearer ${access_token}" \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "audience={resource_server_client_id}" \
  --data "permission=Resource A#Scope A" \
  --data "permission=Resource B#Scope B"

Where should I specify the resource type?

On Sat, May 4, 2019 at 4:01 PM Corentin Dupont <corentin.dupont at gmail.com>
wrote:
> Hi guys,
> I noticed that when I use "Resource type" permissions ("Apply to Resource
> Type" is checked), only the resources that belong to the client are
> returned. Resources that belong to users will not be returned.
> Basically, I created 2 resources with the API: one belonging to the
> client, one to a user.
> I then evaluate my permissions, with "Apply to Resource Type" on. Only the
> resource belonging to the client will be returned.
> Why is that?
> If my resources need to belong to the client, how do I manage ownership
> policies? Should I use Resource Attributes for that?
> Furthermore, I think UMA will not work anymore if the owner of the
> resource is the client?
>
> Thanks a lot!
> Corentin
>