[keycloak-user] default permissions
corentin.dupont at gmail.com
Thu Nov 9 11:06:52 EST 2017
Another question: how to apply default authorizations?
I want to protect my API with authorization in Keycloak. However some
resources should be open to the public, accessible without any bearer token.
My idea was:
- create an "unregistered_user" composite role, containing some basic roles
- create a "guest" user, with the unregistered_user role
- on the API server, if there is no token in the request I will get the
roles of the guest user and user them. If there is a token, I'll use that
What do you think of that process?
More information about the keycloak-user