Sequence: RO: Register Resource - ForgeRock/frdp-uma-resource-server GitHub Wiki

The process:

The Resource Owner (RO) controls the "life cycle" of their resources. The management of an actual "resource" (create, read, update, delete) is out of scope for the User Managed Access (UMA) specification. The Resource Server (RS), from a UMA perspective, enables the Resource Owner (RO) to register resources and apply policies. The Resource Server (RS) enforces Requesting Party (RqP) access to the resources. Requesting Parties (RqP) are only allowed to perform operations against resources that have a proper policy.

This Reference Implementation uses an external Content Server (CS) to manage actual resources / documents. The management of actual resources / documents could be provided as an embedded capability of the Resource Server (RS).

The sequence:

This sequence covers the process related to a Resource Owner (RO) that registers an existing resource.

  • Resource Owner (RO) must be authenticated with the Authorization Server (AS)
    • This can be done prior to accessing the Resource Owner Application (ROA) with an SSO session or via an explicit login process
  • Resource Owner Application (ROA) issues a POST request to the Resource Server (RS) /manage/resources/{id}/register interface to register the resource
    • The request contains required and optional attributes that are used to perform operations.
    • The existing resource's metadata is read
  • Resource Server (RS) performs the UMA resource registration process
    • The registration process requires a Protection API Token (PAT). The PAT represents an authorization trust between the Resource Owner (RO), Resource Server (RS) and the Authorization Server (AS). See the Resource Owner: Acquire PAT sequence diagram for details.
    • Perform a POST operation to the Authorization Server (AS), using the PAT, to register the resource. The registration process defines the "name", "type", "icon_uri" and allowed scopes. An Authorization Server (AS) identifier is returned along with a URI for an interface to manage the resource.
    • The resource's metadata is updated with the attributes returned from the registration process. The resource state is set to "registered".
  • Resource Owner Application (ROA) receives the response from the registration operation
    • The interface is updated
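
The RS-side registration step above, sketched as an added example (not code from this project): it builds the PAT-authorized POST to the AS and only marks the resource "registered" once the AS has returned an identifier. The JSON field names `resource_scopes`, `_id` and `user_access_policy_uri` come from the UMA 2.0 Federated Authorization specification; the endpoint URL and the metadata keys `scopes`, `register_id` and `policy_uri` are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed placeholder; a real RS reads this from the AS discovery document.
AS_REGISTRATION_ENDPOINT = "https://as.example.com/uma/resource-registration"

def build_registration_request(pat, meta, endpoint=AS_REGISTRATION_ENDPOINT):
    """Build the RS -> AS registration POST from the resource's metadata."""
    if not pat:
        raise ValueError("a PAT is required to register a resource")
    scopes = meta.get("scopes") or []
    if not scopes:
        raise ValueError("at least one allowed scope must be registered")
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("the PAT must only be sent over TLS")
    body = {"name": meta["name"], "type": meta["type"], "resource_scopes": scopes}
    if meta.get("icon_uri"):
        body["icon_uri"] = meta["icon_uri"]
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {"Authorization": "Bearer " + pat,
                    "Content-Type": "application/json"},
        "body": json.dumps(body),
    }

def apply_registration_response(meta, status, response_body):
    """Return updated metadata; the state changes only on a valid AS response."""
    if status != 201:
        raise RuntimeError(f"registration failed with HTTP {status}")
    data = json.loads(response_body)
    if not data.get("_id"):
        raise RuntimeError("AS response carries no resource identifier")
    updated = dict(meta)
    updated["register_id"] = data["_id"]                        # hypothetical key
    updated["policy_uri"] = data.get("user_access_policy_uri")  # hypothetical key
    updated["state"] = "registered"
    return updated
```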