[[_service_pushing_claims]]
= Pushing Claims

When obtaining permissions from the server you can push arbitrary claims in order to have these
claims available to your policies when evaluating permissions.

If you are obtaining permissions from the server *without* using a permission ticket (UMA flow), you can send
an authorization request to the token endpoint as follows:

```bash
curl -X POST \
  http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "claim_token=ewogICAib3JnYW5pemF0aW9uIjogWyJhY21lIl0KfQ==" \
  --data "claim_token_format=urn:ietf:params:oauth:token-type:jwt" \
  --data "client_id={resource_server_client_id}" \
  --data "client_secret={resource_server_client_secret}" \
  --data "audience={resource_server_client_id}"
```

The `claim_token` parameter expects a BASE64 encoded JSON with a format similar to the example below:

```json
{
    "organization" : ["acme"]
}
```

The format expects one or more claims where the value for each claim must be an array of strings.
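The following is an added example, not part of the original documentation: it validates a claims object against the format described above, encodes it as a `claim_token`, and builds the form body of the authorization request. The function names, client id and secret are hypothetical, and it assumes standard padded Base64, as in the sample value shown in the request above.

```python
import base64
import json
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
CLAIM_FORMAT = "urn:ietf:params:oauth:token-type:jwt"  # value used in the page's request


def validate_claims(claims):
    """Enforce the documented shape: one or more claims, each an array of strings."""
    if not isinstance(claims, dict) or not claims:
        raise ValueError("claims must be a non-empty JSON object")
    for name, values in claims.items():
        if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"claim {name!r} must be an array of strings")
    return claims


def encode_claim_token(claims):
    """Serialize validated claims to JSON and Base64-encode them (assumed: padded, standard alphabet)."""
    raw = json.dumps(validate_claims(claims), separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_claim_token(token):
    """Decode a claim_token back to claims, rejecting anything outside the documented shape."""
    return validate_claims(json.loads(base64.b64decode(token, validate=True)))


def authorization_request_body(claims, client_id, client_secret):
    """Form body for the token endpoint; urlencode escapes '=', '+' and '/' in the Base64 value."""
    return urlencode({
        "grant_type": UMA_GRANT,
        "claim_token": encode_claim_token(claims),
        "claim_token_format": CLAIM_FORMAT,
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": client_id,
    })


if __name__ == "__main__":
    # Constructed placeholder credentials, not real values.
    print(authorization_request_body({"organization": ["acme"]}, "my-resource-server", "REPLACE_ME"))
```

With curl, the equivalent safeguard is `--data-urlencode` for `claim_token`, since a `+` in standard Base64 is otherwise read as a space in form data.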

== Pushing Claims Using UMA

For more details about how to push claims when using UMA and permission tickets, please take a look at <<_service_protection_permission_api_papi, Permission API>>