我一直在努力解决这个问题,并想知道是否其他人也有同样的问题。
正如 FIWARE 教程所建议的那样,我有一个使用docker 运行的Keyrock 7.8.0 + MySQL 架构。我可以通过 localhost:3005 访问 GUI 和 API。一切似乎都可以通过带有管理员用户的 GUI 正常工作,但是在使用 admin Auth-Token向用户授予角色时
curl -X PUT \
http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/users/c8336e47-8e3b-4081-b0f7-b2a3431847d7/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3 \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 0' \
-H 'Content-Type: application/json' \
-H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
-H 'Host: localhost:3005' \
-H 'Postman-Token: cb7e8ae3-87b4-4d8e-9fb7-a66ef439a7cf,7f736505-8c7e-4991-8449-ebd6e54714f7' \
-H 'User-Agent: PostmanRuntime/7.19.0' \
-H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
-H 'cache-control: no-cache'
或组织,
curl -X PUT \
http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/organizations/d98534f7-ecaa-4c38-93cc-c17d87f010ee/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3/organization_roles/member \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 0' \
-H 'Content-Type: application/json' \
-H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
-H 'Host: localhost:3005' \
-H 'Postman-Token: 11fc3dbb-8484-482f-8bc1-af89dcdeebb5,8bfdcdb5-f200-4bee-bcee-a8f6d83b18f0' \
-H 'User-Agent: PostmanRuntime/7.19.0' \
-H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
-H 'cache-control: no-cache'
它只是在正文中响应此错误:
{
"error": {
"message": "User not allow to perform the action",
"code": 403,
"title": "Forbidden"
}
}
任何人都知道同一个用户如何有权通过 GUI 而不是通过 API 做某事?