<div dir="ltr">I am building keycloak prototype apps that demonstrate authentication against deployed keycloak server. I have 2 js client apps under the same web-server with 2 different keycloak client JSON.<div><br></div><div>I have: </div><div><br></div><div>- Created realm -&gt;  poc-realm</div><div>- Created clients for poc apps to authenticate against -&gt; app1 and app2</div><div>- Created roles in</div><div>       app1 -&gt; app1-user-role</div><div>       app2 -&gt; app2-user-role</div><div>- Created users -&gt; app1-user and app2-user</div><div>- Assigned roles -&gt; app1-user-role to app1-user, app2-user-role to app2-user</div><div><br></div><div>When I try to get redirected keycloak login for app1, I am able to login with app1-user and app2-user, and similarly I am able to login into app2 with app1-user and app2-user.</div><div><br></div><div>Am I missing something? How do I ensure that app1-user isn&#39;t able to log into app2, and app2-user into app1? </div><div><br></div><div>Although note that I have the same url patterns for <b>Valid Redirect URIs </b>of both clients.</div><div><br></div><div>My JSON keycloak clients are correct:</div><div><br></div><div><div>{</div><div>  &quot;realm&quot;: &quot;poc-realm&quot;,</div><div>  &quot;realm-public-key&quot;: &quot;MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryTAZE2+d/7uKduayhQlInhnD43jdPyBttVbERLXO7wN9juXIuO5SR5P75aIcy1Fpf5VTrL2Neb4iLeEGgTUHM7b0ycjNgK40CXcwhneSn0EIogDLqXfJ87efwH2UYG//3cWZsB9PjX440Yq4uh/pBs5aTw7hHhvlaF/LRTBibhpcy7N/cKPp2PRkhQbWX79EfIsFLg8IKDryazYkdsVoaVI20aeOyb9mfXSU+h7ZUZIKhY4hhtSK004ToD73HQvJ5U61Zv7UAEtKHOD928SO0/VijFkGCh7fHtOA4kNJhV6D7RehThz/llDE3rfs4wkO24L0j/hAss30OSQNnAD1QIDAQAB&quot;,</div><div>  &quot;auth-server-url&quot;: &quot;[server URL]/auth&quot;,</div><div>  &quot;ssl-required&quot;: &quot;external&quot;,</div><div>  &quot;resource&quot;: &quot;app1&quot;,</div><div>  &quot;credentials&quot;: {</div><div>    &quot;secret&quot;: &quot;e119ccf7-5c5a-4681-b4fa-fcca1b3de3b3&quot;</div><div>  },</div><div>  &quot;use-resource-role-mappings&quot;: true</div><div>}</div></div><div><br></div><div>and</div><div><br></div><div><div>{</div><div>  &quot;realm&quot;: &quot;poc-realm&quot;,</div><div>  &quot;realm-public-key&quot;: &quot;MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryTAZE2+d/7uKduayhQlInhnD43jdPyBttVbERLXO7wN9juXIuO5SR5P75aIcy1Fpf5VTrL2Neb4iLeEGgTUHM7b0ycjNgK40CXcwhneSn0EIogDLqXfJ87efwH2UYG//3cWZsB9PjX440Yq4uh/pBs5aTw7hHhvlaF/LRTBibhpcy7N/cKPp2PRkhQbWX79EfIsFLg8IKDryazYkdsVoaVI20aeOyb9mfXSU+h7ZUZIKhY4hhtSK004ToD73HQvJ5U61Zv7UAEtKHOD928SO0/VijFkGCh7fHtOA4kNJhV6D7RehThz/llDE3rfs4wkO24L0j/hAss30OSQNnAD1QIDAQAB&quot;,</div><div>  &quot;auth-server-url&quot;: &quot;[server URL]/auth&quot;,</div><div>  &quot;ssl-required&quot;: &quot;external&quot;,</div><div>  &quot;resource&quot;: &quot;app2&quot;,</div><div>  &quot;credentials&quot;: {</div><div>    &quot;secret&quot;: &quot;e119ccf7-5c5a-4681-b4fa-fcca1b3de3b3&quot;</div><div>  },</div><div>  &quot;use-resource-role-mappings&quot;: true</div><div>}</div></div><div><br></div><div><br></div><div>Thanks for help.</div></div>