Hi!
I try to understand the Authorization Services.
The Documentation for that rarely use the Term UMA. But in my understanding, the protocol used is normal UMA - is it? Is there a reason the documentation doesn’t say something like this:
The Keycloak Authorization Services build the UMA-Standart on top of the Authentication-Services and provide access controll to specific ressources.
Thanks ahead for an answer!
Thomas
There is something like that here in the “Authorization Services” documentation:
https://www.keycloak.org/docs/latest/authorization_services/#protection-api
The Protection API is a set of UMA-compliant endpoint-providing operations for resource servers to help them manage their resources, scopes, permissions, and policies associated with them. Only resource servers are allowed to access this API, which also requires a uma_protection scope.
What do you think should be added in order to make it clearer?
Thanks for the quick response!
Yeah, I read that! But this reads like UMA is just the Protection API and the rest of the authorization services have nothing to do with UMA - in my current understanding all communication with the authorization part (except the Admin UI) is all UMA. (Is that correct?)
For me, it would have helped me a lot if I would have researched UMA before trying to understand the Authorization Services. Also just saying that this authorization information can’t be included in OIDC access/id token or the user endpoint - that the authorization services are a different protocol on top of the other would have been helpful!
Am I on the right track?
Thanks again!
Thomas
Correct. Yes, you are on the right track. I agree that the documentation is somewhat thin in this case.
Thank you very much!! Very helpful!