| Excerpt from Android SDK docs of the same thing:
Once a UserPrincipal has been retrieved the roles of the user can be listed and checked. This can be used to perform client side access control, such as hiding UI components related to actions the user doesn't have permissions to perform.
To list a users roles the UserPrincipal#getRoles method can be invoked.
Roles are divided into two types. Resource roles which belong to the client the user has authenticated against, and Realm roles which belong to the realm the client is in.
To list a users realm roles the UserPrincipal#getRealmRoles method can be invoked and to list a users resource roles the UserPrincipal#getResourceRoles can be invoked.
In order to check if a user has a specific role you can invoke the UserPrincipal#hasResourceRole and UserPrincipal#hasRealmRole methods and provide the role name to check for.
// authService already initialized.
AuthService authService = MobileCore.getInstance().getService(AuthService.class);
UserPrincipal currentUser = authService.currentUser();
boolean hasAdminPermissions = currentUser.hasRealmRole("user_admin");
if (hasAdminPermissions)
Unknown macro: { // Show some component. }
// Check if a user has a role from a specific resource named my_resource.
boolean isModerator = currentUser.hasResourceRole("my_resource", "user_moderator");
if (isModerator)
Unknown macro: { // Enable some button. }
We don't have these in JS SDK:
1. Auth.getRoles(): all roles combined (realm roles and resource roles)
2. Auth.getResourceRoles()
3. Auth.hasResourceRole() Keycloak JS lib supports all of these |
