Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-19751

Missing Attributes by Querying RestAPI for Authorization Permissions

    XMLWordPrintable

Details

    • Enhancement
    • Status: Triage
    • Minor
    • Resolution: Unresolved
    • 15.0.2
    • None
    • Authorization Services
    • None
    • NEW
    • NEW
    • ---
    • ---

    Description

      When I query the API for the permissions on a client (URL: /auth/admin/realms/<realm_name>/clients/<client_id>/authz/resource-server/permission/resource/<resource_id>) I get the following JSON structure:

      {
        "id": "aaaaa-bbbbb-ccccc-ddddddddddddd",
        "name": "Name",
        "description": "Description",
        "type": "resource",
        "logic": "POSITIVE",
        "decisionStrategy": "UNANIMOUS"
      }
      

      The queried permission is linked to resources as well as to policies within the authorization sub-menu. Within the GUI I can see and edit these attributes. My guess is that these attributes should be included within the above given JSON structure.

       

      Background:

      I have defined a client with multiple resources and grant/deny access to users by defining permissions and correspondending policies. For auditing purposes I sometimes need to evaluate the granted permission on a per user basis on multiple clients. If I could query the set of clients, resources, permissions and policies by the API I could easily evaluate the granted access rights.

      Furthermore the export feature ("Export Settings") for the authorization settings contains more attributes, e.g.

      "config": {
              "defaultResourceType": "urn:<resource_name>:resources:default",
              "applyPolicies": "[\"Default Policy\"]"
            }
      

      Maybe I miss that another API resource exists which I can query for the specified attributes.

      If any information is missing, please feel free to ask.

      Attachments

        Activity

          People

            Unassigned Unassigned
            equalouter Hendrik Heß
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: