Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-10653

Manage Application Consent via Account REST API

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Minor
    • Resolution: Done
    • None
    • 7.0.0
    • Account - REST API
    • None

    Description

      Based on the idea of my colleague https://lists.jboss.org/pipermail/keycloak-dev/2019-May/012085.html we propose to modify the consent for a specific application on behalf of the user via the account REST API.

      For our first draft we propose:
      in the account controller https://github.com/keycloak/keycloak/blob/fdc0943a92f75cd55192b40931255f480bdf1133/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java

      there will be new endpoints:

      • /applications/ GET
        • returns a list of all available applications
      • /applications/<id> GET
        • returns the application with the given id
      • /applications/<id>/consent GET
        • returns the list of scopes granted for the application wit the given id
      • /applications/<id>/consent POST
        • creates a new consent for the application with the given id. expects a list of scopes
      • /applications/<id>/consent PUT
        • updates the consent for the application with the given id. expects a list of scopes
      • /applications/<id>/consent DELETE
        • deletes the consent for the application with the given id.

      Besides the new endpoints there will be new roles on the account client.

      • view-applications
        • basic read access to query applications
      • view-consent
        • composite role consisting of the view-applications role, grants read access to consents
      • manage-consent
        • composite roles consisting of the view-consent role, grants write access to consents

      Attachments

        Activity

          People

            boliveir_managed_kafka_security (inactive user) Bruno Oliveira Silva (Inactive)
            leon.graser@bosch-si.com Leon Graser (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: