[keycloak-user] Resource server implementation best practices?
Guus der Kinderen
guus.der.kinderen at gmail.com
Mon Nov 28 07:12:50 EST 2016
When implementing one or more services that, based on an access token,
expose data related to the user that's identified in the access token, is
there a "best practice" in regards to handling the available scopes?
I'm debating between having one resource server that exposes all data to
which the token grants access, versus having a resource server "per
claim", that either returns data, or an error code, based on the presence
of a particular scope within the access token.
Is there a common approach / best practice that covers this?
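As an added illustration (not code from the original thread or from Keycloak), the "per claim" behaviour described above can also live inside a single resource server that checks the required scope per endpoint; the claims, route table and returned data are constructed placeholders, and the token is assumed to have been signature-verified before its claims are used.

```python
import time

# Constructed example: claims from an already-verified access token.
# A real resource server must verify the token signature (e.g. against
# the Keycloak realm's public key) before trusting any of these values.
SAMPLE_CLAIMS = {
    "sub": "user-123",
    "exp": 2_000_000_000,          # far-future expiry for the example
    "scope": "profile email",      # OAuth 2.0 space-delimited scope claim
}

# Hypothetical route table: each endpoint names the scope it requires
# and a loader for the per-user data it would expose.
ROUTES = {
    "/me/profile": ("profile", lambda sub: {"sub": sub, "name": "Example User"}),
    "/me/email":   ("email",   lambda sub: {"sub": sub, "email": "user@example.test"}),
    "/me/address": ("address", lambda sub: {"sub": sub, "address": "1 Example St"}),
}


def granted_scopes(claims):
    """Return the set of scopes carried in the token's 'scope' claim."""
    return set(claims.get("scope", "").split())


def handle(path, claims, now=None):
    """Return (status, body) for a request to `path` bearing `claims`."""
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return 401, {"error": "invalid_token", "error_description": "token expired"}
    route = ROUTES.get(path)
    if route is None:
        return 404, {"error": "not_found"}
    required, loader = route
    if required not in granted_scopes(claims):
        # RFC 6750 section 3.1: a missing scope is a 403 "insufficient_scope"
        # response that names the scope the client would need.
        return 403, {"error": "insufficient_scope", "scope": required}
    return 200, loader(claims["sub"])
```

Each endpoint fails closed on its own scope, so splitting into several resource servers is a deployment choice rather than a requirement for per-scope enforcement.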