I am trying to authorize users to a resource in Keycloak using resource-based permission.
Using this documentation, I can make an API call to Keycloak to know whether a particular user is authorized to access a particular resource or not.
Now to my question: if I am authorizing a resource, why am I required to pass a permission in this API call?
curl -X POST \
http://${host}:${port}/realms/${realm}/protocol/openid-connect/token \
-H "Authorization: Bearer ${access_token}" \
--data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
--data "audience={resource_server_client_id}" \
--data "permission=Resource A#Scope A" \
--data "permission=Resource B#Scope B"
To my surprise, it's actually a resource that is being passed (Resource A#ScopeA and ResourceB#ScopeB) into the permission. Have I misunderstood Keycloak's terms? If I have understood the terms correctly, then shouldn't it be resources or scopes in the API request body instead of permission?
I was expecting the API to ask for a resource name instead of asking for a permission and expecting a resource name in it.