Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-10020

Unable to get RPT by the name of a resource being shared via UMA

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide

      1. Create a resource with name `ResourceA`, user managed access: ON and assign ownership to some user
      2. As owner of the resource: in account web interface share this resource with another user
      3. As another user with whom the resource was shared: make this request:

      curl "$PROTOCOL://$HOST:$PORT/auth/realms/$REALM/protocol/openid-connect/token" \
      -H "Authorization: Bearer $ACCESS_TOKEN" \
      --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&permission=ResourceA&audience=$RESOURCE_CLIENT_ID"

      Expected behaviour: RPT with ResourceA permission in it
      Actual behaviour: Access Denied

      Show
      1. Create a resource with name `ResourceA`, user managed access: ON and assign ownership to some user 2. As owner of the resource: in account web interface share this resource with another user 3. As another user with whom the resource was shared: make this request: curl "$PROTOCOL://$HOST:$PORT/auth/realms/$REALM/protocol/openid-connect/token" \ -H "Authorization: Bearer $ACCESS_TOKEN" \ --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&permission=ResourceA&audience=$RESOURCE_CLIENT_ID" Expected behaviour: RPT with ResourceA permission in it Actual behaviour: Access Denied
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      User-made permissions (e.g. sharing through account panel) are not considered when requesting an RPT with resource name (not id)

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                georgebekh George Bekh-Ivanov
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: