Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Allow fetching roles when evaluating role licies #27430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mposolda merged 1 commit into from
Mar 5, 2024
Merged

Allow fetching roles when evaluating role licies #27430

mposolda merged 1 commit into from
Mar 5, 2024

Conversation

@pedroigor
Copy link
Contributor

@pedroigor pedroigor commented Mar 1, 2024
edited
Loading

Closes #20736

  • Introduces a Fetch Roles setting to the role policy to allow checking for any role associated with the user. Otherwise, only roles available from the token that started the authorization request are considered (current behavior)
  • By enabling this option, clients can now leverage lightweight access tokens (as a subject token) because they are no longer forced to map roles to tokens.

@pedroigor pedroigor requested review from a team as code owners March 1, 2024 14:23
@pedroigor pedroigor force-pushed the issue-20736 branch 3 times, most recently from 396e93c to 0fefcf8 Compare March 1, 2024 14:35
@pedroigor pedroigor mentioned this pull request Mar 1, 2024
Closed
2 tasks
jonkoops
jonkoops previously approved these changes Mar 1, 2024
View reviewed changes
@keycloak-github-bot keycloak-github-bot bot mentioned this pull request Mar 1, 2024
Closed
jonkoops
jonkoops previously approved these changes Mar 1, 2024
View reviewed changes
@pedroigor
Copy link
Contributor Author

pedroigor commented Mar 4, 2024

@jonkoops Solving conflicts. @jonkoops Could you please re-approve?

@mposolda Would you mind reviewing and merging?

@mposolda mposolda merged commit d12711e into keycloak:main Mar 5, 2024
@pedroigor pedroigor deleted the issue-20736 branch March 5, 2024 15:13
@Romain7495 Romain7495 mentioned this pull request Jul 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mposolda mposolda mposolda approved these changes

+1 more reviewer

@jonkoops jonkoops jonkoops approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

flaky-test team/cloud-native team/core-clients team/core-iam team/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

uma-ticket returns 403 even though user has access, when User Realm Role isn't present in access Token

3 participants

@pedroigor @jonkoops @mposolda