What

To provide client-side access control in the mobile app, we first need to know the user's roles. During the OpenID Connect authentication flow, an access token is made available to the application. An array of the user's roles can be retrieved from the access token, which is just a JWT.

Why
- To provide access control on the client side.
- To allow the mobile app to communicate with remote endpoints that are protected by Keycloak.
How

The access token can be retrieved easily from the AppAuth AuthState class. A code example is available here.
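The following is an added example, not the code the page links to and not part of AppAuth or Keycloak: one way to read the roles array out of the access token's JWT payload. It assumes Keycloak's default claim layout (`realm_access.roles` and `resource_access.<client>.roles`), `java.util.Base64` (Android API 26+) and `org.json`; the class name `TokenRoles` and the client id `mobile-app` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

public final class TokenRoles {
    // Returns realm roles plus the roles granted on clientId. The signature is
    // NOT verified: use the result to show or hide UI only; the Keycloak-protected
    // endpoint validates the token and enforces access.
    public static Set<String> fromAccessToken(String accessToken, String clientId) {
        Set<String> roles = new LinkedHashSet<>();
        if (accessToken == null) return roles;           // not authenticated yet
        String[] parts = accessToken.split("\\.");
        if (parts.length != 3) return roles;             // opaque or malformed token
        try {
            byte[] raw = Base64.getUrlDecoder().decode(parts[1]);
            JSONObject claims = new JSONObject(new String(raw, StandardCharsets.UTF_8));
            // Keycloak's default claim layout (assumed unchanged by custom mappers)
            addAll(roles, claims.optJSONObject("realm_access"));
            JSONObject resources = claims.optJSONObject("resource_access");
            if (resources != null) addAll(roles, resources.optJSONObject(clientId));
        } catch (IllegalArgumentException | JSONException e) {
            roles.clear();                               // fail closed: no roles
        }
        return roles;
    }

    private static void addAll(Set<String> out, JSONObject holder) {
        JSONArray arr = holder == null ? null : holder.optJSONArray("roles");
        for (int i = 0; arr != null && i < arr.length(); i++) {
            String role = arr.optString(i, null);
            if (role != null) out.add(role);
        }
    }

    public static void main(String[] args) {
        // Constructed sample token: dummy header and signature, hypothetical client id.
        String payload = "{\"realm_access\":{\"roles\":[\"user\"]},"
            + "\"resource_access\":{\"mobile-app\":{\"roles\":[\"admin\"]}}}";
        String token = "e30." + Base64.getUrlEncoder().withoutPadding()
            .encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        System.out.println(fromAccessToken(token, "mobile-app"));
    }
}
```

In the app, pass the value returned by `getAccessToken()` on the AppAuth `AuthState` instance as the first argument.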