[keycloak-user] default permissions

Corentin Dupont corentin.dupont at gmail.com
Thu Nov 9 11:06:52 EST 2017


Another question: how to apply default authorizations?

I want to protect my API with authorization in Keycloak. However some
resources should be open to the public, accessible without any bearer token.
My idea was:
- create an "unregistered_user" composite role, containing some basic roles
- create a "guest" user, with the unregistered_user role
- on the API server, if there is no token in the request I will get the
roles of the guest user and use them. If there is a token, I'll use that
user's permissions.
What do you think of that process?

Thanks
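
The role-resolution step described above, as an added example that is not part of the original post or of Keycloak: guest roles apply only when no Authorization header is sent, and a token that is present but invalid is refused rather than downgraded to guest. Assumptions: an HS256 shared secret stands in for verifying against the realm's signing key, `GUEST_ROLES` is a constructed stand-in for the guest user's roles, and all function names are hypothetical; `realm_access.roles` is the claim where Keycloak access tokens carry realm roles.

```python
import base64, hashlib, hmac, json, time

# Assumptions for this sketch: an HS256 shared secret stands in for the realm's
# signing key, and GUEST_ROLES stands in for the roles held by the "guest" user.
SECRET = b"constructed-demo-secret"
GUEST_ROLES = frozenset({"read_public"})

class InvalidToken(Exception):
    """A token was presented but cannot be trusted; the request must be refused."""

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET):
    """Build a constructed HS256 JWT for the demo."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verify_token(token, now=None):
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise InvalidToken("bad signature or algorithm")
        claims = json.loads(_b64url_decode(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError) as exc:
        raise InvalidToken("malformed token") from exc
    if not isinstance(exp, (int, float)) or exp <= now:
        raise InvalidToken("expired or missing exp")
    return claims

def effective_roles(authorization_header, now=None):
    """Guest roles only when no credential is sent; never as a fallback for a bad one."""
    if authorization_header is None:
        return GUEST_ROLES
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise InvalidToken("unsupported Authorization header")
    claims = verify_token(token.strip(), now)
    return frozenset(claims.get("realm_access", {}).get("roles", []))
```

The API handler would map `InvalidToken` to a 401 response, so an expired or tampered token never silently receives the guest role set.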

