We've added a role entity for realms. It is designed to aggregate the management of users' token rules and to share common practices (such as complex ACLs) between different users.
Each realm now has a default role, which contains the Users' home (home in REST API) and Default users' token parameters (token_params in REST API) attributes, previously stored as root attributes of the realm object.
Each custom role is based either on the realm default role or on another custom role that is based on the realm default role. Each user may also have its own role if the realm default role does not suit the needs. Only the user role defines the final token rules (home and token_params) that are applied to the user's token. A user role can be based either on the realm default role or on a custom role.
It is possible to override the Token home (home in REST API) and Token parameters (token_params in REST API) attributes for custom and user roles. If those parameters are not defined, their values are taken from the corresponding values of the base role.
All old REST API requests (realm and user management without roles) continue to work, but will soon be marked as deprecated.
To migrate to the new REST API, you need to modify the requests that work with realms and users.
For realms, you need to move the home and token_params values into the new role object. For example, the following JSON value
{
  "name": "realm1",
  "home": {
    "type": 0
  },
  "token_params": {
    "access": {
      "type": 0
    },
    "ttl": 1
  }
}
now looks like this:
{
  "name": "realm1",
  "role": {
    "home": {
      "type": 0
    },
    "token_params": {
      "access": {
        "type": 0
      },
      "ttl": 1
    }
  }
}
For users, you need to move the home and token_params values into the new role object, together with an additional type property set to the string value inherit.default. For example, the following JSON value
{
  "name": "user1",
  "home": null,
  "token_params": {
    "access": {
      "type": 0
    },
    "ttl": 1
  }
}
now looks like this:
{
  "name": "user1",
  "role": {
    "type": "inherit.default",
    "home": null,
    "token_params": {
      "access": {
        "type": 0
      },
      "ttl": 1
    }
  }
}
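The realm and user migrations described above can be scripted over stored request bodies. The following is an added example, not code from the product: it rewrites old-style bodies into the role form and keeps every moved value exactly as given (including an explicit null home), so the token rules sent to the API do not change during migration. The function names, the rejection of bodies that mix both styles, and leaving bodies without home or token_params untouched are assumptions of this example.

```python
import copy

# The two attributes the page says move into the "role" object.
ROLE_KEYS = ("home", "token_params")


def _move_into_role(body, role_type=None):
    """Return a new-style copy of an old-style request body."""
    moved = [k for k in ROLE_KEYS if k in body]
    if "role" in body:
        if moved:
            # Assumption: a body mixing both styles is ambiguous, so reject it.
            raise ValueError("body mixes root-level %s with 'role'" % moved)
        return copy.deepcopy(body)  # already migrated
    out = {k: copy.deepcopy(v) for k, v in body.items() if k not in ROLE_KEYS}
    if moved:
        role = {"type": role_type} if role_type else {}
        # Test key presence, not truthiness, so an explicit null survives.
        role.update((k, copy.deepcopy(body[k])) for k in moved)
        out["role"] = role
    return out


def migrate_realm(body):
    """Realm bodies: home/token_params move under "role" unchanged."""
    return _move_into_role(body)


def migrate_user(body):
    """User bodies: same move, plus "type": "inherit.default"."""
    return _move_into_role(body, role_type="inherit.default")


# Old-style bodies copied from the examples on this page.
OLD_REALM = {"name": "realm1", "home": {"type": 0},
             "token_params": {"access": {"type": 0}, "ttl": 1}}
OLD_USER = {"name": "user1", "home": None,
            "token_params": {"access": {"type": 0}, "ttl": 1}}

if __name__ == "__main__":
    import json
    print(json.dumps(migrate_realm(OLD_REALM), indent=2))
    print(json.dumps(migrate_user(OLD_USER), indent=2))
```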