keycloak-nodejs-connect - enforcer permision usage
138 views
Skip to first unread message
Andrew Cottrell
Apr 26, 2021, 1:16:18 AM4/26/21
to Keycloak User
Hi,
If I use
keycloak.enforcer(['res:read']) then the autual post to the keycloak server has the permission
res#read due to the permission being split in the enforcer.js Line 20 code based on : , but when the join occurs in grant_manager.js line 163 the join uses #.
In keycloak I have the resource names in Clients->PetStore_CLIENT->Authorization->Resources set to
res:read .
If I use curl using the permission
res:read I get the expected results, so keycloak works.
The curl command I use is:
curl -X POST http://localhost:8080/auth/realms/realm_PetStore/protocol/openid-connect/token \
-H "Content-Type:application/x-www-form-urlencoded" \
-H "X-Client:keycloak-nodejs-connect" \
-H "Authorization: Basic ......." \
-d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
-d "audience=PetStore_CLIENT" \
-d "response_mode=permissions" \
-d "subject_token=......" \
-d "permission=res:read"
-H "Content-Type:application/x-www-form-urlencoded" \
-H "X-Client:keycloak-nodejs-connect" \
-H "Authorization: Basic ......." \
-d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
-d "audience=PetStore_CLIENT" \
-d "response_mode=permissions" \
-d "subject_token=......" \
-d "permission=res:read"
Is this a bug in the keycloak-nodejs-connect library or should I not be using colons in the names?
Reply all
Reply to author
Forward
0 new messages