Type: Enhancement
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 4.1.0.Final, 4.2.1.Final, 4.3.0.Final
Fix Version/s: 4.4.0.Final
Component/s: Authorization Services
Labels:
Environment: kubernetes/helm deployed keycloak 4.1.0.Final in standalone-ha config
Docs QE Status: NEW
QE Status: NEW

Given a valid bearer token
And a policy and resource scope permission exists
When I request a grant-type:uma-ticket RPT token without explicit permissions
Then the full set of authorized resources & scopes should be returned in the RPT token, including resources authorized by policy
Actual: Only UMA-granted resources/scopes are returned; policies/scope permissions are not evaluated.
If I append a bogus &permission=blah#scope, then the policies & permissions are evaluated and the returned RPT token has the full permission set. It appears that any unresolvable resource/scope appended as an explicit permission causes the full set of resources to return for the specified scope.
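As an added example, not code from the Keycloak project or from the reporter: a Python script that builds the two token-endpoint requests the report contrasts (one without a `permission` field, one with the bogus `permission=blah#scope` appended) and parses the `authorization.permissions` claim of a returned RPT so the two grant sets can be diffed. The grant type URN and the `audience`/`permission` form fields are Keycloak's documented UMA grant; the client id `my-resource-server`, the resource names and the two RPTs are constructed test data with placeholder signatures, and the parser deliberately does not verify signatures, so it is for inspecting a response, never for making an access decision.

```python
"""Compare what an RPT from Keycloak's UMA grant contains with and without
an explicit permission parameter. Added example, not Keycloak project code.
The two RPTs below are CONSTRUCTED test tokens shaped like Keycloak's
"authorization.permissions" claim, with placeholder signatures."""
import base64
import json
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Keycloak's documented grant type for requesting an RPT.
UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def build_uma_ticket_request(audience: str,
                             permissions: Optional[Iterable[str]] = None) -> List[Tuple[str, str]]:
    """Form fields for a POST to the realm token endpoint (list, so `permission` can repeat).

    With no permissions the server is asked for every resource and scope the
    bearer is authorised for; each entry in `permissions` is "resource#scope".
    """
    fields = [("grant_type", UMA_TICKET_GRANT), ("audience", audience)]
    for perm in permissions or ():
        fields.append(("permission", perm))
    return fields


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_test_rpt(permissions: List[dict]) -> str:
    """Build a CONSTRUCTED RPT-shaped JWT for offline testing (fake signature)."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"typ": "Bearer", "aud": "my-resource-server",  # assumed client id
               "authorization": {"permissions": permissions}}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        "placeholder-signature",
    ])


def rpt_permissions(rpt: str) -> Dict[str, Set[str]]:
    """Map resource name -> granted scopes from the RPT's authorization claim.

    Parses the payload only; the signature is NOT verified, so this is for
    inspecting what the server returned, not for authorising anything.
    """
    try:
        _header, payload, _sig = rpt.split(".")
    except ValueError:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    claims = json.loads(_b64url_decode(payload))
    granted: Dict[str, Set[str]] = {}
    for perm in claims.get("authorization", {}).get("permissions", []):
        name = perm.get("rsname") or perm.get("rsid")
        granted.setdefault(name, set()).update(perm.get("scopes", []))
    return granted


def missing_grants(expected: Dict[str, Set[str]],
                   actual: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Resource -> scopes present in `expected` but absent from `actual`."""
    gaps: Dict[str, Set[str]] = {}
    for resource, scopes in expected.items():
        lost = scopes - actual.get(resource, set())
        if lost:
            gaps[resource] = lost
    return gaps


# Constructed tokens mirroring the two responses the report describes.
# Without a permission parameter: only the UMA-granted resource came back.
RPT_WITHOUT_PERMISSION_PARAM = make_unsigned_test_rpt([
    {"rsid": "11111111-aaaa", "rsname": "shared-doc", "scopes": ["view"]},
])
# With a bogus permission=blah#scope appended: the policy-authorised
# resource is evaluated too and the full set is returned.
RPT_WITH_BOGUS_PERMISSION = make_unsigned_test_rpt([
    {"rsid": "11111111-aaaa", "rsname": "shared-doc", "scopes": ["view"]},
    {"rsid": "22222222-bbbb", "rsname": "policy-doc", "scopes": ["view", "edit"]},
])


if __name__ == "__main__":
    print(build_uma_ticket_request("my-resource-server"))
    print(build_uma_ticket_request("my-resource-server", ["blah#scope"]))
    full = rpt_permissions(RPT_WITH_BOGUS_PERMISSION)
    partial = rpt_permissions(RPT_WITHOUT_PERMISSION_PARAM)
    print("grants missing without a permission parameter:",
          missing_grants(full, partial))
```

To reproduce against a live server, send each field list from `build_uma_ticket_request` as `application/x-www-form-urlencoded` to the realm's `/protocol/openid-connect/token` endpoint with the bearer token in the `Authorization` header, then feed the `access_token` of each response to `rpt_permissions` and diff them with `missing_grants`; any non-empty result is the discrepancy the report describes.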