We are looking at the possibility of creating slightly more complicated policies for UMA shares (for example, time-bound shares). We were told to try creating a policy using the base policy API, rather than using the UMA API.
However, when we create an UMA policy as amadmin, the user can't see the delegation in the UI.
Here is what we did:
1. Create a policy:
Then listing all the policies (as amadmin) I can see it:
I can check that the policy is working (the subject has access to the UMA resource).
But if I log in as the resource owner, I can't see the delegation in the dashboard.
(Looking briefly through the code it appears the UMA dashboard endpoints rely on the createdby attribute. As this policy has to be created by amadmin, the user cannot see it)