[keycloak-user] roles in the user-info response

Simon Payne simonpayne58 at gmail.com
Fri Oct 12 06:58:22 EDT 2018


Hi,

We have an existing system which we would like to integrate with Keycloak.
This system has a legacy authorization model, which is fairly complex and
fine-grained.

Users of this system have many hundreds of roles, which in some cases
results in the token being too large, breaking the header size.

I was hoping that by limiting the roles within the token, through scope,
and an endpoint similar to user-info or token introspection, we could
determine which roles or resources the user is allowed to access through
validated identity.

However, I found that by limiting the scope for the access token, the roles
are not returned as part of the user-info response.

Is anyone aware of any alternatives which will allow me to test roles
associated with the user, at the resource server, without them being
present in the access token?

Thanks,

Simon.

