  1. Keycloak
  2. KEYCLOAK-9176

Authorization Scope cannot be added to multiple permissions


Details

    • Enhancement
    • Status: Closed
    • Minor
    • Resolution: Out of Date
    • 4.5.0.Final
    • None
    • Authorization Services
    • None
    • NEW
    • NEW

    Description

      I have created an Authorization Scope, e.g. urn:myapp:allow. When I create 2 scope-based permissions, Perm1 & Perm2, and add this scope to both, no error is shown, the scope is successfully added, and in the Admin Console UI it is reflected in both permissions.

      But when I look at the scopes in my Java client, I see that only 1 permission has that scope. (The scope is reflected in whichever permission it was added to last, and it disappears from the previous permission.) For example, if the scope is added to Perm1 and then to Perm2, only Perm2 will have that scope, and vice versa.

      The way I checked the scopes is by intercepting the request and obtaining the permission list in my Java client.

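      import java.util.Collections;
      import java.util.List;
      import java.util.Set;
      import org.keycloak.AuthorizationContext;
      import org.keycloak.KeycloakSecurityContext;
      import org.keycloak.representations.idm.authorization.Permission;

      // Read the Keycloak security context from the intercepted request.
      KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
      AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext();

      // Fall back to an empty list so the loop below cannot throw a NullPointerException.
      List<Permission> permList = (authzContext == null) ? Collections.<Permission>emptyList() : authzContext.getPermissions();

      for (Permission perm : permList) {
          // Scopes carried by this permission.
          Set<String> scopeList = perm.getScopes();
          // other stuff
      }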

      If this is the intended behavior, then how can we reuse the scopes in multiple permissions?

          People

            psilva@redhat.com Pedro Igor Craveiro
            testoauth55 Bruce Wings (Inactive)