I have created resources, policies and permissions in Keycloak.
Now I have created a role-based policy and assigned a role to that policy; the same role is also assigned to my user.
But when I fetch the user details using the token, I am not getting which resources and URIs my user has access to.
Can anyone help me with this?
Just to give you some info: you are possibly dealing with three standards, so it's good to be clear:
- OpenID Connect [1]: Authentication standard → ID token
- OAuth 2.0 [2]: Authorization standard → Access token
- UMA [3]: User-Managed Access (when KC acts as an Authorization Server) → PAT
Each token is used for the use case specified above. Therefore, with the ID token you solve the authentication use case, with the access token you solve the authorization use case, and with the PAT you handle the complex policy evaluations in UMA (an unnecessarily complex standard when the theory does not align with practical implementation).
Each standard has its own endpoints, so I recommend checking which endpoint you are using to ensure there is no confusion.
[1] Final: OpenID Connect Core 1.0 incorporating errata set 2
[2] RFC 6749 - The OAuth 2.0 Authorization Framework
[3] Federated Authorization for User-Managed Access (UMA) 2.0
Ok @embesozzi, thank you for the response.
I have solved my problem using this API in the KC documentation:
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions
I am getting my resources and permissions:
```json
{
  "authorization": {
    "permissions": [
      {
        "scopes": ["read"],
        "rsid": "f4cdcc0d-aebc-4b9f-8e4d-c89f4d48a5ac",
        "rsname": "read-terminal"
      },
      {
        "scopes": ["read"],
        "rsid": "e4e98a52-fddf-4d5e-ab04-7decd8d0e6e7",
        "rsname": "read-report"
      },
      {
        "scopes": ["read"],
        "rsid": "9e0f08b8-56a8-410a-a933-fad66cb02857",
        "rsname": "read-poss-mdr"
      }
    ]
  }
}
```
But from the same API I want to return all the URIs that the resource gives access to; if I get that, it will solve my use case.
Your help will be appreciated.
This is my curl request:
```sh
curl --location '{server}/realms/{realm}/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Authorization: Bearer {token}' \
  --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:uma-ticket' \
  --data-urlencode 'audience={client_id}' \
  --data-urlencode 'response_mode=permissions'
```
It returned:
```json
[
  {
    "scopes": ["read"],
    "rsid": "f4cdcc0d-aebc-4b9f-8e4d-c89f4d48a5ac",
    "rsname": "read-terminal"
  },
  {
    "scopes": ["read", "delete", "write"],
    "rsid": "0e56b428-0548-43e7-95a0-2920038dea48",
    "rsname": "admin"
  },
  {
    "scopes": ["read"],
    "rsid": "e4e98a52-fddf-4d5e-ab04-7decd8d0e6e7",
    "rsname": "read-report"
  },
  {
    "scopes": ["read"],
    "rsid": "9e0f08b8-56a8-410a-a933-fad66cb02857",
    "rsname": "read-poss-mdr"
  }
]
```
I want the URIs which I have added to my resources to be included in the response.
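One way to get from that permissions response to the URIs configured on each resource, as an added example (my own code, not from the thread or the Keycloak project): each rsid is looked up through Keycloak's Protection API resource endpoint, which returns the resource representation including its uris. The server, realm, PAT and sample URIs are assumptions; offline, the lookup is replaced by a constructed table so the script runs stand-alone.

```python
import json
import urllib.request

# Permissions as the token endpoint returns them with response_mode=permissions
# (constructed sample: two entries copied from the thread).
PERMISSIONS = [
    {"scopes": ["read"], "rsid": "f4cdcc0d-aebc-4b9f-8e4d-c89f4d48a5ac", "rsname": "read-terminal"},
    {"scopes": ["read", "delete", "write"], "rsid": "0e56b428-0548-43e7-95a0-2920038dea48", "rsname": "admin"},
]

# Constructed stand-in for the Protection API (rsid -> resource); the URIs are hypothetical.
SAMPLE_RESOURCES = {
    "f4cdcc0d-aebc-4b9f-8e4d-c89f4d48a5ac": {"name": "read-terminal", "uris": ["/api/terminals/*"]},
    "0e56b428-0548-43e7-95a0-2920038dea48": {"name": "admin", "uris": ["/api/admin/*", "/api/reports/*"]},
}

def fetch_resource(server, realm, pat, rsid):
    """Read one resource via the Protection API. Assumption: `pat` is a
    protection API token obtained with client_credentials for the resource server."""
    url = f"{server}/realms/{realm}/authz/protection/resource_set/{rsid}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {pat}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def resolve_uris(permissions, lookup):
    """Join granted permissions with their resources' URIs.
    `lookup(rsid)` returns a resource representation (raises KeyError if unknown).
    Unknown resources yield an empty list instead of being silently dropped."""
    resolved = {}
    for perm in permissions:
        try:
            uris = sorted(lookup(perm["rsid"]).get("uris", []))
        except KeyError:
            uris = []
        resolved[perm["rsname"]] = {"scopes": sorted(perm["scopes"]), "uris": uris}
    return resolved

def uri_allowed(resolved, path, scope):
    """Enforcement check: is `scope` granted on a resource whose URI covers `path`?
    Only exact matches and a trailing "/*" wildcard are handled here (simplification)."""
    for entry in resolved.values():
        if scope in entry["scopes"]:
            for pattern in entry["uris"]:
                if pattern == path or (pattern.endswith("/*") and path.startswith(pattern[:-1])):
                    return True
    return False

if __name__ == "__main__":
    print(json.dumps(resolve_uris(PERMISSIONS, SAMPLE_RESOURCES.__getitem__), indent=2))
```

Against a live server, pass `lambda rsid: fetch_resource(server, realm, pat, rsid)` as the lookup instead of the constructed table.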
You are annoying people by mentioning them directly and more often than necessary.
I edited your post for these reasons.
If there are people who can and are willing to help you, then they will do so. Otherwise not.
Ok, I apologize for that and have noted your point, but it would be great if you could share your knowledge of the issue or suggest some alternative path to achieve that.
Awaiting your response on it.