Add permission management documentation
parent
ec0b70ed7e
commit
08af2ded72
2 changed files with 63 additions and 1 deletions
|
@ -71,3 +71,63 @@ curl -X POST \
|
|||
|
||||
Where these claims will be available to your policies when evaluating permissions for the resource and scope(s) associated
|
||||
with the permission ticket.
|
||||
|
||||
== Other non UMA-compliant endpoints
|
||||
|
||||
=== Creating permission ticket
|
||||
|
||||
To grant permissions for a specific resource with id {resource_id} to a user with id {user_id}, as an owner of the resource send an HTTP POST request as follows:
|
||||
|
||||
```bash
|
||||
curl -X POST \
|
||||
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
|
||||
-H 'Authorization: Bearer '$access_token \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"resource": "{resource_id}",
|
||||
"requester": "{user_id}",
|
||||
"granted": true,
|
||||
"scopeName": "view"
|
||||
}'
|
||||
```
|
||||
|
||||
=== Getting permission tickets
|
||||
|
||||
```bash
|
||||
curl http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
|
||||
-H 'Authorization: Bearer '$access_token
|
||||
```
|
||||
|
||||
You can use any of these query parameters:
|
||||
|
||||
* `scopeId`
|
||||
* `resourceId`
|
||||
* `owner`
|
||||
* `requester`
|
||||
* `granted`
|
||||
* `returnNames`
|
||||
* `first`
|
||||
* `max`
|
||||
|
||||
=== Updating permission ticket
|
||||
|
||||
```bash
|
||||
curl -X PUT \
|
||||
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
|
||||
-H 'Authorization: Bearer '$access_token \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"id": "{ticket_id}"
|
||||
"resource": "{resource_id}",
|
||||
"requester": "{user_id}",
|
||||
"granted": false,
|
||||
"scopeName": "view"
|
||||
}'
|
||||
```
|
||||
|
||||
=== Deleting permission ticket
|
||||
|
||||
```bash
|
||||
curl -X DELETE http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket/{ticket_id} \
|
||||
-H 'Authorization: Bearer '$access_token
|
||||
```
|
||||
|
|
|
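Review bot: the JSON body in the "Updating permission ticket" example is invalid, because `"id": "{ticket_id}"` has no trailing comma before `"resource": "{resource_id}",`; add the comma so a copied request is not rejected as malformed. The "Getting", "Updating" and "Deleting" sections also carry no prose at all: state whose token `$access_token` has to be (the create section says the request is sent "as an owner of the resource", the others say nothing) and what each query parameter filters on, in particular `granted`, `returnNames`, `first` and `max`. Since every example sends a bearer token, consider `https://` in the URLs, and quote the header as a single string ("Authorization: Bearer ${access_token}") so the token value is not subject to shell word splitting.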
@ -19,4 +19,6 @@ keycloak.access_token['/sub']
|
|||
keycloak.access_token['/preferred_username']
|
||||
keycloak.access_token['/custom_claim']
|
||||
resource_id
|
||||
user_id
|
||||
ticket_id
|
||||
$evaluation.grant()
|
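Review bot: `scopeName`, `scopeId`, `resourceId` and `returnNames`, which the new documentation in this commit introduces, are not in this list, while `resource_id`, `user_id` and `ticket_id` are added after `keycloak.access_token['/custom_claim']`. If this file is the allow-list of tokens that the documentation checks read, confirm whether those four need entries too, or note in the commit message why only the three placeholder names are required.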