Merge pull request #55 from jenmalloy/latest-upstream-changes

fixed 'a RPT' and some wording
This commit is contained in:
Jen Malloy 2017-01-06 14:14:45 -05:00 committed by GitHub
commit ee7e4f26fe
2 changed files with 6 additions and 6 deletions


@ -119,9 +119,9 @@ For more information, see <<fake/../../service/protection/protection-api.adoc#_s
The Authorization API is also a https://docs.kantarainitiative.org/uma/rec-uma-core.html[UMA-compliant] endpoint providing a single operation that exchanges an Access Token and <<fake/.././terminology.adoc#_overview_terminology_permission_ticket, Permission Ticket>> with a Requesting Party Token (RPT). The Authorization API is also a https://docs.kantarainitiative.org/uma/rec-uma-core.html[UMA-compliant] endpoint providing a single operation that exchanges an Access Token and <<fake/.././terminology.adoc#_overview_terminology_permission_ticket, Permission Ticket>> with a Requesting Party Token (RPT).
The RPT holds all permissions granted to a client and can be used to call a resource server to get access to its protected resources. The RPT contains all permissions granted to a client and can be used to call a resource server to get access to its protected resources.
When asking a RPT you can also provide a previously issued RPT. In this case, the resulting RPT will consist of the union of the permissions from the previously RPT and the new ones When requesting an RPT you can also provide a previously issued RPT. In this case, the resulting RPT will consist of the union of the permissions from the previous RPT and the new ones
within a permission ticket. within a permission ticket.
image:../../images/authz-calls.png[alt="Authorization API Overview"] image:../../images/authz-calls.png[alt="Authorization API Overview"]
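Review bot: the reworded sentence "When requesting an RPT you can also provide a previously issued RPT" still needs a comma after the introductory clause ("When requesting an RPT, you can also provide a previously issued RPT."), and it runs on across the line break into "within a permission ticket" with no terminating period; please close the sentence there. The opening sentence says the endpoint "exchanges an Access Token and Permission Ticket with a Requesting Party Token (RPT)"; "for a Requesting Party Token (RPT)" makes the direction of the exchange unambiguous.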


@ -8,15 +8,15 @@ There are two main use cases where token introspection can help you:
* When client applications need to query the token validity to obtain a new one with the same or additional permissions * When client applications need to query the token validity to obtain a new one with the same or additional permissions
* When enforcing authorization decisions at the resource server side, especially when none of the built-in <<fake/../../../enforcer/overview.adoc#_enforcer_overview, policy enforcers>> fits your application * When enforcing authorization decisions at the resource server side, especially when none of the built-in <<fake/../../../enforcer/overview.adoc#_enforcer_overview, policy enforcers>> fits your application
==== Obtaining Information about a RPT ==== Obtaining Information about an RPT
The token introspection is essentially a https://tools.ietf.org/html/rfc7662[OAuth2 token introspection]-compliant endpoint from which you can obtain information about a RPT. The token introspection is essentially a https://tools.ietf.org/html/rfc7662[OAuth2 token introspection]-compliant endpoint from which you can obtain information about an RPT.
```bash ```bash
http://${host}:${port}/auth/realms/${realm_name}/protocol/openid-connect/token/introspect http://${host}:${port}/auth/realms/${realm_name}/protocol/openid-connect/token/introspect
``` ```
To introspect a RPT using this endpoint, you can send a request to the server as follows: To introspect an RPT using this endpoint, you can send a request to the server as follows:
```bash ```bash
curl -X POST \ curl -X POST \
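Review bot: the article fix applied to "an RPT" in this hunk misses "a https://tools.ietf.org/html/rfc7662[OAuth2 token introspection]-compliant endpoint", which renders as "a OAuth2 token introspection-compliant endpoint" and should be "an OAuth2 token introspection-compliant endpoint". Same sentence: "The token introspection is essentially" reads more naturally as "Token introspection is essentially".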
@ -65,7 +65,7 @@ If the RPT is not active, this response is returned instead:
} }
``` ```
==== Do I Need to Invoke the Server Every Time I want to Introspect a RPT? ==== Do I Need to Invoke the Server Every Time I Want to Introspect an RPT?
No. Both <<fake/../../../service/authorization/authorization-api.adoc#_service_authorization_api, Authorization>> and <<fake/../../../service/entitlement/entitlement-api.adoc#_service_entitlement_api, Entitlement>> APIs use the No. Both <<fake/../../../service/authorization/authorization-api.adoc#_service_authorization_api, Authorization>> and <<fake/../../../service/entitlement/entitlement-api.adoc#_service_entitlement_api, Entitlement>> APIs use the
https://tools.ietf.org/html/rfc7519[JSON web token (JWT)] specification as the default format for RPTs. https://tools.ietf.org/html/rfc7519[JSON web token (JWT)] specification as the default format for RPTs.
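Review bot: the "No." answer rests on RPTs being JWTs, but the paragraph does not say what a resource server must do before trusting an RPT it validates locally instead of calling the introspection endpoint; it should state that the JWT's signature has to be verified against the realm's key and its expiration checked, since merely decoding the claims proves nothing about the token. Minor: RFC 7519's title is "JSON Web Token (JWT)", so the link text "JSON web token (JWT)" should capitalize "Web Token".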