keycloak-scim/docs/documentation/authorization_services/topics/service-authorization-pushing-claims.adoc

[[_service_pushing_claims]]
= Pushing claims

When obtaining permissions from the server you can push arbitrary claims in order to have these
claims available to your policies when evaluating permissions.

If you are obtaining permissions from the server *without* using a permission ticket (UMA flow), you can send
an authorization request to the token endpoint as follows:

[source,bash,subs="attributes+"]
----
curl -X POST \
  http://${host}:${port}{kc_realms_path}/${realm}/protocol/openid-connect/token \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "claim_token=ewogICAib3JnYW5pemF0aW9uIjogWyJhY21lIl0KfQ==" \
  --data "claim_token_format=urn:ietf:params:oauth:token-type:jwt" \
  --data "client_id={resource_server_client_id}" \
  --data "client_secret={resource_server_client_secret}" \
  --data "audience={resource_server_client_id}"
----

The `claim_token` parameter expects a BASE64 encoded JSON with a format similar to the example below:

```json
{
    "organization" : ["acme"]
}
```

The format expects one or more claims where the value for each claim must be an array of strings.

== Pushing claims Using UMA

For more details about how to push claims when using UMA and permission tickets, please take a look at <<_service_protection_permission_api_papi, Permission API>>
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00			`[[_service_pushing_claims]]`
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`= Pushing claims`
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00
			`When obtaining permissions from the server you can push arbitrary claims in order to have these`
			`claims available to your policies when evaluating permissions.`

			`If you are obtaining permissions from the server without using a permission ticket (UMA flow), you can send`
			`an authorization request to the token endpoint as follows:`

Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`[source,bash,subs="attributes+"]`
			`----`
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00			`curl -X POST \`
Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`http://${host}:${port}{kc_realms_path}/${realm}/protocol/openid-connect/token \`
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00			`--data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \`
			`--data "claim_token=ewogICAib3JnYW5pemF0aW9uIjogWyJhY21lIl0KfQ==" \`
			`--data "claim_token_format=urn:ietf:params:oauth:token-type:jwt" \`
			`--data "client_id={resource_server_client_id}" \`
			`--data "client_secret={resource_server_client_secret}" \`
			`--data "audience={resource_server_client_id}"`
Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`----`
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00
			The `claim_token` parameter expects a BASE64 encoded JSON with a format similar to the example below:

			```json
			`{`
			`"organization" : ["acme"]`
			`}`
			```

			`The format expects one or more claims where the value for each claim must be an array of strings.`

KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`== Pushing claims Using UMA`
[KEYCLOAK-7552] - More documentation about how to push claims 2018-06-22 19:50:10 +00:00
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`For more details about how to push claims when using UMA and permission tickets, please take a look at <<_service_protection_permission_api_papi, Permission API>>`