[keycloak-user] Feature Request

Sushil Singh sushil.singh at guavus.com
Fri Nov 8 03:08:20 EST 2019


Hi All,

I have developed custom-Enforcer functionality for spring/springboot adapters . So that user can specify enforcement on  Resource / List of Resource with scopes / Set of scopes with in application itself.

Currently , what happens in keycloak is that resources are end points and scopes are either specified in keycloak.json for the paths or we specify http-methods-as-scopes to be true .

But our business requirement is such that Resources can be independent of endpoints (basically they are non static) or one endpoint can be internally associated with multiple protected resource with custom scopes (other than HTTP methods)

So , with this functionality , one can customize policy-enforcing on resources according to application needs.
Also , for non Rest Resources also it can work , since the enforcement can be coupled in the application itself

Jira : https://issues.jboss.org/browse/KEYCLOAK-11300
PR : https://github.com/keycloak/keycloak/pull/6448

Thanks

Sushil Pratap Singh

________________________________
From: Sushil Singh
Sent: 14 September 2019 18:42
To: keycloak-user at lists.jboss.org <keycloak-user at lists.jboss.org>
Subject: Feature Request

Hi,

As of now there is support of only http-method-as-scope when policyEnforcer is enabled inorder to get the mapping between application scopes and keycloak defined scopes. But I want to use keycloak not only for rest api's but for other use cases where I can have application specific custom resources (independent of URI requested) and actions(scopes). i want some API to provide support for custom resources as well as scopes

ex-: I have a pipeline to run and it can have actions like STOP ,RUN , RESTART and some actions like CREATE AND RESTART. So there can be one scope or a combination of multiple scopes for a resource to be accessed. So adding a functionality where user can use custom scopes would be of great help and extend its usability for non rest api's also.

https://issues.jboss.org/browse/KEYCLOAK-11300

Thanks,

Sushil Pratap Singh


More information about the keycloak-user mailing list