Add permission management documentation

Bekh-Ivanov George 2019-04-10 17:02:53 +03:00 committed by Pedro Igor
parent ec0b70ed7e
commit 08af2ded72
2 changed files with 63 additions and 1 deletions


@ -71,3 +71,63 @@ curl -X POST \
Where these claims will be available to your policies when evaluating permissions for the resource and scope(s) associated Where these claims will be available to your policies when evaluating permissions for the resource and scope(s) associated
with the permission ticket. with the permission ticket.
== Other non UMA-compliant endpoints
=== Creating permission ticket
To grant permissions for a specific resource with id {resource_id} to a user with id {user_id}, as an owner of the resource send an HTTP POST request as follows:
```bash
curl -X POST \
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token \
-H 'Content-Type: application/json' \
-d '{
"resource": "{resource_id}",
"requester": "{user_id}",
"granted": true,
"scopeName": "view"
}'
```
=== Getting permission tickets
```bash
curl http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token
```
You can use any of these query parameters:
* `scopeId`
* `resourceId`
* `owner`
* `requester`
* `granted`
* `returnNames`
* `first`
* `max`
=== Updating permission ticket
```bash
curl -X PUT \
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token \
-H 'Content-Type: application/json' \
-d '{
"id": "{ticket_id}"
"resource": "{resource_id}",
"requester": "{user_id}",
"granted": false,
"scopeName": "view"
}'
```
=== Deleting permission ticket
```bash
curl -X DELETE http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket/{ticket_id} \
-H 'Authorization: Bearer '$access_token
```
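Review bot: In the "Updating permission ticket" example, the line `"id": "{ticket_id}"` is missing its trailing comma before `"resource"`, so the request body is not valid JSON and the command fails when copied as written; add the comma. Two documentation gaps in the same hunk: only "Creating permission ticket" says who has to make the call ("as an owner of the resource"), while the get, update and delete sections show `$access_token` without saying whose token it must be, which is the detail a reader needs to reason about who can grant or revoke access. The query parameter list under "Getting permission tickets" gives names only; a short description per parameter and one example URL using a filter such as `resourceId` or `granted` would make the section usable.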


@ -19,4 +19,6 @@ keycloak.access_token['/sub']
keycloak.access_token['/preferred_username'] keycloak.access_token['/preferred_username']
keycloak.access_token['/custom_claim'] keycloak.access_token['/custom_claim']
resource_id resource_id
user_id
ticket_id
$evaluation.grant() $evaluation.grant()
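Review bot: The new `user_id` and `ticket_id` entries have no stated purpose: the commit message says only "Add permission management documentation" and does not mention this second file. They line up with the `{user_id}` and `{ticket_id}` placeholders in the new curl examples, so a sentence in the commit message saying why placeholders used in the docs must also be listed here would help the next person who adds one.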