Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client credentials tab not visible with "view-clients" role #19134

Closed
ch-lepp opened this issue Oct 4, 2022 · 1 comment · Fixed by #19449
Closed

client credentials tab not visible with "view-clients" role #19134

ch-lepp opened this issue Oct 4, 2022 · 1 comment · Fixed by #19449
Assignees
@ssilvert
Labels
area/admin/ui area/docs impact/high kind/bug Categorizes a PR related to a bug team/ui
Milestone
21.1.0

Comments

@ch-lepp
Copy link
Contributor

ch-lepp commented Oct 4, 2022
edited

Describe the bug

With the "view-clients" role an user should be able to inspect an entire client.
The credentials tab however is currently only available with the "manage-clients" role.

Version

19.0.1

Expected behavior

An user with the "view-clients" role can insepect the client credentials.

Actual behavior

An user with the "view-clients" role is not presented with the credentials tab.

How to Reproduce?

  1. Create a new Client and enable "client authentication".
  2. Create new user in the admin realm, assign the "view-clients" role, login and check for the client from step 1.

Anything else?

The Bug came with the changes from #2702.

In its description the pull request even specifies that no "manage-clients" role should be necessary.

To see the Clients section the user should have "view-clients" and "query-clients" roles.
To see the Permissions tab, the user also needs "manage-authorization" role.
To see Keys and Credentials tabs, the client needs to have Client authentication enabled.
@ch-lepp ch-lepp added kind/bug Categorizes a PR related to a bug status/triage labels Oct 4, 2022
@stianst stianst transferred this issue from keycloak/keycloak-documentation Mar 20, 2023
@ghost ghost added the team/ui label Mar 20, 2023
@ssilvert ssilvert self-assigned this Mar 21, 2023
@ssilvert ssilvert added this to the 22.0.0 milestone Mar 21, 2023
ssilvert added a commit to ssilvert/keycloak that referenced this issue Mar 30, 2023
@ssilvert
Fixes access for credentials tab.
5fa1850 
Fixes keycloak#19134
@ssilvert ssilvert mentioned this issue Mar 30, 2023
Merged
ssilvert added a commit that referenced this issue Mar 31, 2023
@ssilvert
Fixes access for credentials tab. (#19449)
139b809 
Fixes #19134
@ssilvert ssilvert mentioned this issue Apr 3, 2023
Closed
2 tasks
@stianst stianst modified the milestones: 22.0.0, 21.1.0 Apr 14, 2023
@Nathanael-Mtd
Copy link

Hello !
We use fine-grained auth functionnaliy, but the #19449 didn't really fix the issue for us.

For some explainations, we use fine grain to provide access in read only access for specifics clients. On the realm-management client, we only add the query-clients role for a specific user group.
And on clients permissions tab, for our specifics clients, we add view permission for the policy linked to the user group.

It's pretty the same issue but for fine-grained client permissions.

arthur25000 pushed a commit to arthur25000/keycloak that referenced this issue May 4, 2023
@ssilvert
Fixes access for credentials tab. (keycloak#19449)
57b03f4 
Fixes keycloak#19134
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ssilvert ssilvert

Labels
area/admin/ui area/docs impact/high kind/bug Categorizes a PR related to a bug team/ui
Projects
None yet
Milestone
21.1.0
Development

Successfully merging a pull request may close this issue.

Fixes access for credentials tab. ssilvert/keycloak
4 participants
@ssilvert @stianst @ch-lepp @Nathanael-Mtd