org.keycloak.services.resources.admin

Class ClientScopeEvaluateScopeMappingsResource

java.lang.Object

org.keycloak.services.resources.admin.ClientScopeEvaluateScopeMappingsResource

public class ClientScopeEvaluateScopeMappingsResource
extends Object

Author:

Marek Posolda

Constructor Summary

Constructors

Constructor and Description
ClientScopeEvaluateScopeMappingsResource(RoleContainerModel roleContainer, AdminPermissionEvaluator auth, ClientModel client, String scopeParam, KeycloakSession session)

Method Summary

Modifier and Type	Method and Description
Stream<RoleRepresentation>	getGrantedScopeMappings() Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.
Stream<RoleRepresentation>	getNotGrantedScopeMappings() Get roles, which this client doesn't have scope for and can't have them in the accessToken issued for him.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientScopeEvaluateScopeMappingsResource

public ClientScopeEvaluateScopeMappingsResource(RoleContainerModel roleContainer,
                                                AdminPermissionEvaluator auth,
                                                ClientModel client,
                                                String scopeParam,
                                                KeycloakSession session)

Method Detail

getGrantedScopeMappings

@Path(value="/granted")
 @GET
 @Produces(value="application/json")
public Stream<RoleRepresentation> getGrantedScopeMappings()

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Returns:

getNotGrantedScopeMappings

@Path(value="/not-granted")
 @GET
 @Produces(value="application/json")
public Stream<RoleRepresentation> getNotGrantedScopeMappings()

Get roles, which this client doesn't have scope for and can't have them in the accessToken issued for him. Defacto all the other roles of particular role container, which are not in getGrantedScopeMappings()

Returns: