zhoumingjun edited this page Jul 29, 2019 · 1 revision
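# Connection settings and client credentials used by every request below.
# Each value can be overridden from the environment; the literals are only the
# defaults this walkthrough was written against.
#
# NOTE(security): the requests below use plain http://, so client secrets and
# every token they return cross the network unencrypted. Keep this to an
# isolated lab network, or put TLS in front of the server.
export host="${host:-10.107.1.195}"
export port="${port:-8080}"
export realm="${realm:-master}"

# client_s1: used below as the token audience and to obtain the PAT.
export client_s1_id="${client_s1_id:-client_s1}"
# NOTE(security): a client secret that has been published on a wiki page must
# be treated as disclosed. Regenerate it on the server and supply the new value
# through the environment instead of editing it into this page.
export client_s1_secret="${client_s1_secret:-7cea1be0-7c85-4de3-8a9e-87bff545b668}"

# client_c1: the client that requests access tokens and permissions below.
export client_c1_id="${client_c1_id:-client_c1}"
export client_c1_secret="${client_c1_secret:-fd438ba9-e648-4c2d-acfd-9267501b1533}"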
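# discovery: fetch the realm's uma2-configuration document and pretty-print it.
# The URL is quoted so an overridden host/port/realm cannot be word-split or
# glob-expanded, and jq gets an explicit identity filter.
# NOTE(security): every endpoint used in the later requests is taken on trust
# from this server over plain HTTP; on an untrusted network the response could
# be altered in transit.
curl "http://${host}:${port}/auth/realms/${realm}/.well-known/uma2-configuration" | jq .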

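# obtaining permissions
# Use client_c1's credentials (client_credentials grant) to request an access
# token with client_s1 as the requested audience.
#
# Variable values are sent with --data-urlencode so a secret containing
# '&', '+' or '=' is not mangled in the form body.
# NOTE(security): the secret is still passed on curl's command line, where it
# can show up in shell history and process listings, and it is sent over
# plain HTTP.
access_token=$(
  curl -X POST "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    --data-urlencode "client_id=${client_c1_id}" \
    --data-urlencode "client_secret=${client_c1_secret}" \
    --data-urlencode "audience=${client_s1_id}" \
    | jq -r .access_token
)

# jq -r prints the literal string "null" when the response has no access_token
# (for example an error document); warn instead of silently using "Bearer null".
case "$access_token" in
  '' | null) printf 'token request failed: no access_token in the response\n' >&2 ;;
esac

# Decode the token for inspection. It is fed on stdin (the same way the later
# pipelines call jwt) so the bearer token does not appear in the process list.
printf '%s\n' "$access_token" | jwt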

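# Present the access token as a bearer credential and request a token with the
# UMA ticket grant type, then decode whatever comes back.
# If the request fails, jq prints "null" and jwt receives that instead of a
# token, so check the decoded output before drawing conclusions.

# 1) Without an audience parameter.
curl -X POST \
  "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
  -H "Authorization: Bearer ${access_token}" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  | jq -r .access_token | jwt

# 2) With audience set to client_s1.
curl -X POST \
  "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
  -H "Authorization: Bearer ${access_token}" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data-urlencode "audience=${client_s1_id}" | jq -r .access_token | jwt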


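# Same UMA ticket request, authenticating as client_c1 with HTTP Basic instead
# of a bearer token.
# printf replaces `echo -n` (whose flag handling differs between shells), and
# -A keeps openssl's base64 output on a single line; without it the output is
# wrapped once it grows past 64 characters, which would break the header.
# NOTE(security): Basic is an encoding, not encryption. Over plain HTTP the
# client secret is readable by anyone who can observe the traffic.
basic_token=$(printf '%s' "${client_c1_id}:${client_c1_secret}" | openssl enc -base64 -A)
curl -X POST \
  "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
  -H "Authorization: Basic ${basic_token}" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data-urlencode "audience=${client_s1_id}" | jq -r .access_token | jwt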

PAT

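# get client token
# Obtain a token for the client itself with the client_credentials grant; the
# requests that follow send it as the bearer token to the protection API.
#
# NOTE(review): this request originally referenced client1_id / client1_secret,
# which are never set on this page, so it was sent with empty credentials.
# client_s1 is used here because the later PAT request on this page uses it;
# confirm that is the intended client.
pat=$(
  curl -X POST \
    "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    --data-urlencode "client_id=${client_s1_id}" \
    --data-urlencode "client_secret=${client_s1_secret}" \
    | jq -r .access_token
)

# jq -r prints "null" when the response carries no access_token; warn rather
# than sending "Bearer null" to the protection API.
case "$pat" in
  '' | null) printf 'PAT request failed: no access_token in the response\n' >&2 ;;
esac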

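# Managing Resources
# NOTE(security): curl -v writes the request headers to stderr, including the
# "Authorization: Bearer ..." line. Scrub the token before pasting this output
# into tickets, chat or logs.

# Query the resource_set endpoint of the protection API.
curl -v -X GET \
  "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set" \
  -H "Authorization: Bearer ${pat}"

# Create a resource named "Alice Resource" with owner "user".
curl -v -X POST \
  "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set" \
  -H "Authorization: Bearer ${pat}" \
  -H 'Content-Type: application/json' \
  -d '{
     "name":"Alice Resource",
     "owner": "user"
  }'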

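# Permission endpoint (not called in this walkthrough; ${realm_name} is not set above, presumably it is $realm):
#   http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission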

8.3 UMA

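# Obtain the PAT: client_s1 authenticates with the client_credentials grant and
# the returned access token is stored in $pat for the resource_set calls below.
# Variable values are sent with --data-urlencode so special characters in the
# secret survive form encoding.
# NOTE(security): the secret is on curl's command line and on the wire over
# plain HTTP, so keep this to a lab setup.
pat=$(
  curl -X POST "http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    --data-urlencode "client_id=${client_s1_id}" \
    --data-urlencode "client_secret=${client_s1_secret}" \
    | jq -r .access_token
)

# jq -r prints "null" when the response carries no access_token; warn rather
# than sending "Bearer null" to the protection API.
case "$pat" in
  '' | null) printf 'PAT request failed: no access_token in the response\n' >&2 ;;
esac

# Decode the PAT for inspection, fed on stdin so the token is not exposed as a
# command-line argument.
printf '%s\n' "$pat" | jwt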


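# Register three resources through the protection API, authenticating with the
# PAT. The Authorization header is now a single quoted word: the original
# concatenated an unquoted $pat, which is subject to word splitting and
# globbing.
# NOTE(security): curl -v echoes the Authorization header to stderr; scrub the
# token before sharing this output.

# 1) Resource with a type, an icon and a list of scopes; no owner given.
curl -v -X POST "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set" \
  -H "Authorization: Bearer ${pat}" \
  -H 'Content-Type: application/json' \
  -d '{
     "name":"Tweedl Social Service1",
     "type":"http://www.example.com/rsrcs/socialstream/140-compatible",
     "icon_uri":"http://www.example.com/icons/sharesocial.png",
     "resource_scopes":[
         "read-public",
         "post-updates",
         "read-private",
         "http://www.example.com/scopes/all"
      ]
  }'

# 2) Resource with owner "user1".
curl -v -X POST "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set" \
  -H "Authorization: Bearer ${pat}" \
  -H 'Content-Type: application/json' \
  -d '{
     "name":"Tweedl Social Service2",
     "owner": "user1"
  }'

# 3) Resource with owner "user1" and ownerManagedAccess set to true.
curl -v -X POST "http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set" \
  -H "Authorization: Bearer ${pat}" \
  -H 'Content-Type: application/json' \
  -d '{
     "name":"Tweedl Social Service3",
     "owner": "user1",
     "ownerManagedAccess": true
  }'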
