When I use Keycloak with the dotnet SDK, even with the default JS policy, adding a resource and linking it to a role-based permission means I can no longer make use of the KeycloakProtectionClient. I have tried to debug, and the decision comes back as false every time. Additionally, I changed the code to set "response_mode" to "permissions" so that I can see the result, and it returns: {"error":"access_denied","error_description":"not_authorized"}. I can call the Admin API and get my resources/scopes just fine, but that is a hack that will not scale.
I feel like there is an appropriate way to stack permissions so that the call made in VerifyAccessToResource to get the list of resources for the client returns everything the client can do when response_mode "permissions" is provided, and validates properly when response_mode "decision" is provided, but I can't seem to get anywhere.
Thanks in advance for any advice / help. The Scopes, Resources, Policies, Permissions, and Roles are attached.
[
{
"name": "Blocks",
"type": "urn:co:resource:blocks",
"owner": {
"id": "aff7a98e-4402-4c63-99af-19927b7bfe9d",
"name": "co"
},
"ownerManagedAccess": true,
"attributes": {},
"_id": "79a1c4c7-b1b3-4f6e-b455-4e4baadd649d",
"uris": [
"/*"
],
"scopes": [
{
"id": "299937e5-73e0-4513-9b97-2e9ed3b61c95",
"name": "view",
"iconUri": ""
},
{
"id": "1ee55b71-7e6f-4b30-a50c-64a3a18af4ef",
"name": "edit",
"iconUri": ""
},
{
"id": "8c8d05d3-6d10-48cb-9b25-8665e60e5c9b",
"name": "delete",
"iconUri": ""
},
{
"id": "12037d09-97ad-4ecc-96ab-8616498f7902",
"name": "create",
"iconUri": ""
}
],
"icon_uri": ""
},
{
"name": "Units",
"type": "urn:co:resource:units",
"owner": {
"id": "aff7a98e-4402-4c63-99af-19927b7bfe9d",
"name": "co"
},
"ownerManagedAccess": true,
"attributes": {},
"_id": "e54612c3-5acd-435c-9ea4-07c7c25914ff",
"uris": [
"/*"
],
"scopes": [
{
"id": "299937e5-73e0-4513-9b97-2e9ed3b61c95",
"name": "view",
"iconUri": ""
},
{
"id": "1ee55b71-7e6f-4b30-a50c-64a3a18af4ef",
"name": "edit",
"iconUri": ""
},
{
"id": "8c8d05d3-6d10-48cb-9b25-8665e60e5c9b",
"name": "delete",
"iconUri": ""
},
{
"id": "12037d09-97ad-4ecc-96ab-8616498f7902",
"name": "create",
"iconUri": ""
}
],
"icon_uri": ""
}
]
[
{
"id": "730919c0-7840-4048-adc7-91110f9a3373",
"name": "BlocksPermission",
"description": "",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {}
},
{
"id": "46d8703b-9c0e-40b2-ba70-ad9ee6ff3253",
"name": "CoOidcClientPermission",
"description": "",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {}
},
{
"id": "bcc89740-e256-45bf-aeee-a9c7c3e15ded",
"name": "CoOidcClientPolicy",
"description": "",
"type": "client",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"clients": "[\"aff7a98e-4402-4c63-99af-19927b7bfe9d\"]"
}
},
{
"id": "cfe8544d-1ffc-4d1e-948c-d1f779123f22",
"name": "ContributorRolePolicy",
"description": "",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"roles": "[{\"id\":\"fbd13ea1-cb09-464a-9c9b-0d20d56c8a5c\",\"required\":true}]"
}
},
{
"id": "211b5959-506a-4fda-bfd3-66f732e292c6",
"name": "GuestRolePolicy",
"description": "",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"roles": "[{\"id\":\"fe3da72c-ad1c-412b-a59e-82a6ee8fc0d7\",\"required\":true}]"
}
},
{
"id": "a0f8516a-70e6-4e9c-ba62-da6c0bf6b527",
"name": "UnitsPermission",
"description": "",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {}
}
]
Corey