libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Metadata only allowed when using POST

Browse source
This commit is contained in:
Pedro Igor 2017-06-02 19:00:48 -03:00
parent a37fce4e5d
commit e565a6ecbc
1 changed files with 6 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
authorization_services/topics/service/entitlement/entitlement-request-metadata.adoc
View file

@ -7,7 +7,7 @@ they expect to obtain the permissions.
```bash ```bash
curl -X POST -H "Authorization: Bearer ${access_token}" -d '{ curl -X POST -H "Authorization: Bearer ${access_token}" -d '{
"metadata" : { "metadata" : {
"includeresourcename" : false "include_resource_name" : false
}, },
"permissions" : [ "permissions" : [
... ...
@ -15,28 +15,25 @@ curl -X POST -H "Authorization: Bearer ${access_token}" -d '{
}' "http://${host}:${port}/auth/realms/${realm_name}/authz/entitlement/{client_id}" }' "http://${host}:${port}/auth/realms/${realm_name}/authz/entitlement/{client_id}"
``` ```
When using HTTP GET metadata information can be sent using a query parameter ```metadata```. For instance: [NOTE]
The Entitlement API endpoint only allows passing metadata along an entitlement request when using HTTP POST.
```bash
curl -X GET "http://${host}:${port}/auth/realms/${realm_name}/authz/entitlement/{client_id}?metadata=includeresourcename=false"
```
The following sections will explain how and when you can use the different information you can include in an entitlement request as a metadata. The following sections will explain how and when you can use the different information you can include in an entitlement request as a metadata.
==== Decide whether or not resource's name should be included the response ==== Decide whether or not resource's name should be included the response
.includeresourcename .include_resource_name
```bash ```bash
curl -X POST -H "Authorization: Bearer ${access_token}" -d '{ curl -X POST -H "Authorization: Bearer ${access_token}" -d '{
"metadata" : { "metadata" : {
"includeresourcename" : false "include_resource_name" : false
}, },
"permissions" : [ "permissions" : [
... ...
] ]
}' "http://${host}:${port}/auth/realms/${realm_name}/authz/entitlement/{client_id}" }' "http://${host}:${port}/auth/realms/${realm_name}/authz/entitlement/{client_id}"
``` ```
Clients can use ```includeresourcename``` to decide whether or not resource`s name should be included on each permission granted by the server. This option Clients can use ```include_resource_name``` to decide whether or not resource`s name should be included on each permission granted by the server. This option
can be used to reduce the size of RPTs and optimize client-server communication. can be used to reduce the size of RPTs and optimize client-server communication.
By default, permissions in a RPT contain both the id and name of the resource that was granted for every single permission. This option is specially useful By default, permissions in a RPT contain both the id and name of the resource that was granted for every single permission. This option is specially useful