keycloak-scim/authorization_services/topics/service-authorization-discovery-document.adoc
Pedro Igor 867eff3e5d [KEYCLOAK-3169] - UMA 2.0 related changes (#325)
* [KEYCLOAK-3169] - Updating authz services doc

* [KEYCLOAK-3169] - Section about changes to user account service

* [KEYCLOAK-3169] - Removing UMA 1.0 references

* [KEYCLOAK-3169] - RH-SSO images

* [KEYCLOAK-3169] - Updating Keycloak images

* [KEYCLOAK-3169] - Review

* [KEYCLOAK-3169] - Review
2018-02-28 08:53:43 +01:00


[[_service_authorization_api]]
= Discovering Authorization Services Endpoints and Metadata
{project_name} provides a discovery document from which clients can obtain all necessary information to interact with
{project_name} Authorization Services, including endpoint locations and capabilities.
The discovery document can be obtained from:
```bash
curl -X GET \
http://${host}:${port}/auth/realms/${realm}/.well-known/uma2-configuration
```
Where `${host}:${port}` is the hostname (or IP address) and port where {project_name} is running and `${realm}` is the name of
a realm in {project_name}.
As a result, you should get a response as follows:
```json
{
// some claims are expected here
// these are the main claims in the discovery document about Authorization Services endpoint locations
"token_endpoint": "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token",
"token_introspection_endpoint": "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token/introspect",
"resource_registration_endpoint": "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set",
"permission_endpoint": "http://${host}:${port}/auth/realms/${realm}/authz/protection/permission"
}
```
Each of these endpoints exposes a specific set of capabilities:
* **token_endpoint**
+
An OAuth2-compliant Token Endpoint that supports the `urn:ietf:params:oauth:grant-type:uma-ticket` grant type. Through this
endpoint clients can send authorization requests and obtain an RPT with all permissions granted by {project_name}.
* **token_introspection_endpoint**
+
An OAuth2-compliant Token Introspection Endpoint which clients can use to query the server to determine the active state of an RPT
and to determine any other information associated with the token, such as the permissions granted by {project_name}.
* **resource_registration_endpoint**
+
A UMA-compliant Resource Registration Endpoint which resource servers can use to manage their protected resources and scopes. This endpoint provides
operations to create, read, update and delete resources and scopes in {project_name}.
* **permission_endpoint**
+
A UMA-compliant Permission Endpoint which resource servers can use to manage permission tickets. This endpoint provides
operations to create, read, update and delete permission tickets in {project_name}.
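As an added example (not part of the original documentation or of the {project_name} code base), the following Python script shows how a client can build the discovery URL from the `${host}:${port}/${realm}` pattern above, parse the `uma2-configuration` document and accept the four endpoint claims only after checking that each one is present, uses `https` and lives on the same host as the issuer the client was configured to trust. The `issuer` and `grant_types_supported` claims in the constructed sample are assumed to be present as in OIDC discovery; the page itself shows only the four endpoint claims. The host name and realm in the sample are placeholders.

```python
import json
from urllib.parse import urlparse

# Claims the page lists as the main Authorization Services endpoints.
REQUIRED_ENDPOINTS = (
    "token_endpoint",
    "token_introspection_endpoint",
    "resource_registration_endpoint",
    "permission_endpoint",
)
UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

# Constructed sample of a uma2-configuration document (placeholder host and
# realm, not output captured from a real server). "issuer" and
# "grant_types_supported" are assumed OIDC-discovery claims; the page only
# shows the four endpoint claims.
SAMPLE_DISCOVERY = """
{
  "issuer": "https://sso.example.test/auth/realms/demo",
  "token_endpoint": "https://sso.example.test/auth/realms/demo/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://sso.example.test/auth/realms/demo/protocol/openid-connect/token/introspect",
  "resource_registration_endpoint": "https://sso.example.test/auth/realms/demo/authz/protection/resource_set",
  "permission_endpoint": "https://sso.example.test/auth/realms/demo/authz/protection/permission",
  "grant_types_supported": ["authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket"]
}
"""


def discovery_url(host, port, realm, scheme="https"):
    """Build the .well-known URL from the page's ${host}:${port}/${realm} pattern."""
    return f"{scheme}://{host}:{port}/auth/realms/{realm}/.well-known/uma2-configuration"


def parse_uma2_configuration(doc_text, expected_issuer):
    """Parse a discovery document and return (accepted_endpoints, errors).

    An endpoint is accepted only if it is present, uses https and is served
    from the issuer's host, so a tampered or misconfigured document cannot
    silently send tokens or permission tickets somewhere else.
    """
    doc = json.loads(doc_text)
    errors = []
    accepted = {}

    if doc.get("issuer") != expected_issuer:
        errors.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    trusted_host = urlparse(expected_issuer).netloc

    for name in REQUIRED_ENDPOINTS:
        url = doc.get(name)
        if not isinstance(url, str):
            errors.append(f"{name}: missing")
            continue
        parsed = urlparse(url)
        problems = []
        if parsed.scheme != "https":
            problems.append("not https")
        if parsed.netloc != trusted_host:
            problems.append(f"host {parsed.netloc!r} differs from issuer host {trusted_host!r}")
        if problems:
            errors.append(f"{name}: " + "; ".join(problems))
            continue
        accepted[name] = url

    # The token endpoint is only useful to an authorization-services client if
    # the server advertises the UMA ticket grant type.
    if UMA_TICKET_GRANT not in doc.get("grant_types_supported", []):
        errors.append(f"server does not advertise {UMA_TICKET_GRANT}")

    return accepted, errors


if __name__ == "__main__":
    endpoints, errors = parse_uma2_configuration(
        SAMPLE_DISCOVERY, "https://sso.example.test/auth/realms/demo"
    )
    for name, url in endpoints.items():
        print(f"{name}: {url}")
    print("errors:", errors or "none")
```

In a real client the document text would come from an HTTPS `GET` of `discovery_url(...)` rather than the embedded sample; the point of the checks is that endpoint locations read from a discovery document are configuration received over the network and should be validated against the issuer the client already trusts before any token or permission request is sent to them.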