/uma/permission_request
UMA permission endpoint, as defined in the Federated Authorization for User-Managed Access (UMA) 2.0 specification.
Use this endpoint to request permission tickets from the authorization server during the UMA grant flow.
Supported HTTP methods
Action | HTTP method |
---|---|
Request | POST |
You must compose the path to the token endpoint addressing the specific realm where the token will be issued.
For example: https://openam.example.com:8443/openam/uma/realms/root/realms/subrealm1/permission_request
The permission request endpoint does not support any parameters.
To authenticate to the endpoint, send an Authorization: Bearer header with the PAT of the resource owner.
To request a ticket, send an HTTP POST request to the endpoint specifying the resource and the scope that the permission ticket applies to in the payload, as a JSON object that follows the UMA 2.0 specification. For example:
```
$ curl -X POST \
  --header 'authorization: Bearer 057ad16f-7dba-4049-9f34-e609d230d43a' \
  --header 'content-type: application/json' \
  --data '[
    {
      "resource_id" : "ef4d750e-3831-483b-b395-c6f059b5e15d0",
      "resource_scopes" : ["download"]
    }
  ]' \
  "https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/permission_request"
{
  "ticket": "eyJ0eXAiOiJ…XPeJi3E"
}
```
Both properties in the JSON body, resource_id and resource_scopes, are required. To obtain the resource ID, query the /uma/resource_set endpoint.
The default lifetime for a permission ticket is 120 seconds. To change it, go to Realms > Realm Name > Services > UMA Provider, and edit the Permission Ticket Lifetime property.
For an example of requesting a permission ticket in the flow, see UMA grant flow.
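The following Python sketch is an added example, not code from the product or its documentation. It shows how a resource server could compose the realm-qualified endpoint, validate the payload before the PAT leaves the process, and track when the ticket expires. The function names are hypothetical, and the `/realms/a/realms/b` form for realms nested deeper than the page's URLs show is an assumption extrapolated from them.

```python
import json
import time
import urllib.request
from urllib.parse import quote, urlsplit

DEFAULT_TICKET_LIFETIME = 120  # seconds; default stated on the page


def permission_endpoint(base_url, realm):
    """Compose the realm-qualified URL; realm is e.g. 'alpha' ('' for root)."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("base URL must be https, without query or fragment")
    names = [r for r in realm.strip("/").split("/") if r]
    realms = "".join("/realms/" + quote(r, safe="") for r in names)
    return base_url.rstrip("/") + "/uma/realms/root" + realms + "/permission_request"


def build_request(base_url, realm, pat, permissions):
    """Validate the payload and return an unsent POST request."""
    # Whitespace (including CR/LF) in a bearer token would corrupt the header.
    if not pat or any(c.isspace() for c in pat):
        raise ValueError("PAT must be non-empty and contain no whitespace")
    if not permissions:
        raise ValueError("at least one permission object is required")
    body = []
    for p in permissions:
        rid, scopes = p.get("resource_id"), p.get("resource_scopes")
        if not isinstance(rid, str) or not rid:
            raise ValueError("resource_id is required")
        if not isinstance(scopes, list) or not all(isinstance(s, str) and s for s in scopes):
            raise ValueError("resource_scopes must be a list of scope names")
        # Send only the two documented properties; unknown keys are dropped.
        body.append({"resource_id": rid, "resource_scopes": scopes})
    return urllib.request.Request(
        permission_endpoint(base_url, realm),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": "Bearer " + pat, "Content-Type": "application/json"},
    )


def read_ticket(response_body, issued_at=None, lifetime=DEFAULT_TICKET_LIFETIME):
    """Return (ticket, expiry time) from the endpoint's JSON response."""
    ticket = json.loads(response_body).get("ticket")
    if not isinstance(ticket, str) or not ticket:
        raise ValueError("response carries no ticket")
    issued = time.time() if issued_at is None else issued_at
    return ticket, issued + lifetime
```

To send the request, pass the returned object to `urllib.request.urlopen` with a timeout and hand the response body to `read_ticket`; set `lifetime` to match the realm's Permission Ticket Lifetime if it was changed.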