support parameters like "uri" and "matchingUri" in the UMA grant token endpoint #15947
Comments
@y-tabata I have a use case for this as well. I am updating a dotnet API to use Keycloak for authorization. My current implementation is based off of one of the popular dotnet sdks for Keycloak. I store Resource & Scope on a custom attribute on each endpoint. Then, at run-time, Resource & Scope are snagged off of the custom attribute and used in the uma request to get a decision like so: {Resource}#{Scope}. This works and it's a simple solution but I would love to be able to do away with as much code as possible. My thinking is that when making the uma request, if I could pass URI instead of Resource Name, I could avoid having to decorate my endpoints with Resource & Scope. On the Keycloak side this would require a lookup to match the URI to a Resource on the uma request. Also, in this scenario I believe I could base my scopes on URI + HttpMethod as well. Overall, this would make integration with dotnet apps very, very lean. As it could with apps built in golang or nodejs. Looking forward to feedback. Thanks! Corey
Hello! I'm interested in this feature, when will it be released?
Description
Currently, the Authorization service returns not only an RPT (including the whole list of permissions) but can also return only a decision like
{'result': true}
if response_mode = decision is specified in the UMA grant token request. To do so, clients need to send the token request with "rsid" in its permission parameter. The "rsid" is a unique ID decided by Keycloak, so clients need to get the "rsid" by calling the resource_set API with something like a PAT. We'd like to avoid this extra communication. So we propose to support parameters like "uri" and "matchingUri" in the UMA grant token endpoint.
WDYT?
Discussion
No response
Motivation
No response
Details
No response
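The two-step exchange the description refers to, as an added example that is not part of the original issue or of Keycloak's code: it builds the resource_set lookup (authorized with a PAT) and the decision-only UMA grant request, and evaluates the answer fail-closed. The host, realm, tokens and client ID are constructed placeholders, the function names are hypothetical, and the endpoint paths assume a Keycloak deployment without a legacy `/auth` prefix.

```python
import json
from urllib.parse import urlencode, quote
from urllib.request import Request

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

def rsid_lookup_request(base_url, realm, pat, uri, matching_uri=True):
    """Step 1 (the extra round trip): resolve a URI to a resource ID using a PAT."""
    query = urlencode({"uri": uri, "matchingUri": str(matching_uri).lower()})
    url = f"{base_url}/realms/{quote(realm, safe='')}/authz/protection/resource_set?{query}"
    return Request(url, headers={"Authorization": f"Bearer {pat}"}, method="GET")

def pick_rsid(lookup_body):
    """The lookup answers with a JSON array of resource IDs; refuse 0 or many."""
    ids = json.loads(lookup_body)
    if len(ids) != 1:
        raise LookupError(f"expected exactly one resource, got {len(ids)}")
    return ids[0]

def decision_request(base_url, realm, access_token, audience, rsid, scope=None):
    """Step 2: UMA grant request that asks for a decision instead of an RPT."""
    form = urlencode({
        "grant_type": UMA_GRANT,
        "audience": audience,  # client ID of the resource server
        "permission": f"{rsid}#{scope}" if scope else rsid,
        "response_mode": "decision",
    }).encode()
    url = f"{base_url}/realms/{quote(realm, safe='')}/protocol/openid-connect/token"
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return Request(url, data=form, headers=headers, method="POST")

def is_granted(status, body):
    """Fail closed: only HTTP 200 carrying a literal JSON true is a grant."""
    if status != 200:
        return False
    try:
        return json.loads(body).get("result") is True
    except (ValueError, AttributeError):
        return False

if __name__ == "__main__":
    # Constructed values; the requests are built but never sent.
    base, realm = "https://keycloak.example", "demo"
    step1 = rsid_lookup_request(base, realm, "<PAT>", "/api/orders/42")
    rsid = pick_rsid('["constructed-rsid"]')  # constructed lookup response
    step2 = decision_request(base, realm, "<ACCESS_TOKEN>", "orders-api", rsid, "read")
    print(step1.get_method(), step1.full_url)
    print(step2.get_method(), step2.full_url, step2.data.decode())
    print("granted:", is_granted(200, '{"result": true}'))
```

Treating anything other than HTTP 200 with `"result": true` as a denial keeps an enforcement point from opening up on an error body or an unexpected response shape.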