Add permission management documentation

This commit is contained in:
Bekh-Ivanov George 2019-04-10 17:02:53 +03:00 committed by Pedro Igor
parent ec0b70ed7e
commit 08af2ded72
2 changed files with 63 additions and 1 deletions

View file

@ -71,3 +71,63 @@ curl -X POST \
Where these claims will be available to your policies when evaluating permissions for the resource and scope(s) associated
with the permission ticket.
== Other non UMA-compliant endpoints
=== Creating permission ticket
To grant permissions for a specific resource with id {resource_id} to a user with id {user_id}, as an owner of the resource send an HTTP POST request as follows:
```bash
curl -X POST \
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token \
-H 'Content-Type: application/json' \
-d '{
"resource": "{resource_id}",
"requester": "{user_id}",
"granted": true,
"scopeName": "view"
}'
```
=== Getting permission tickets
```bash
curl http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token
```
You can use any of these query parameters:
* `scopeId`
* `resourceId`
* `owner`
* `requester`
* `granted`
* `returnNames`
* `first`
* `max`
=== Updating permission ticket
```bash
curl -X PUT \
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
-H 'Authorization: Bearer '$access_token \
-H 'Content-Type: application/json' \
-d '{
"id": "{ticket_id}"
"resource": "{resource_id}",
"requester": "{user_id}",
"granted": false,
"scopeName": "view"
}'
```
=== Deleting permission ticket
```bash
curl -X DELETE http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket/{ticket_id} \
-H 'Authorization: Bearer '$access_token
```

View file

@ -19,4 +19,6 @@ keycloak.access_token['/sub']
keycloak.access_token['/preferred_username']
keycloak.access_token['/custom_claim']
resource_id
user_id
ticket_id
$evaluation.grant()