----------------------------
* Add policy enforcement support to Keycloak Proxy
* Node.js adapter
Comments:
---------------
* JS Policy - I found it hard to figure out how to write these, especially since the docs are showing Java interfaces
* Attribute based policy - We don't seem to have a simple attribute based policy, should we not have this?
* Default policy (only from realm) - This default makes no sense. I'd suggest removing or replacing with something that's more obvious like "require user to have an email set"
* Time policy - what about date/time ranges (Mon-Fri, 9am to 17pm, 18-20th June, etc..)
* Evaluate in console - this is a bit awkward to use. I propose we add a "view example token" option to clients that can be used to show how a token would look like for a specific user. This would be useful when figuring out protocol mappers, etc.. Then we could piggy back on this feature in the evaluation so "real" values from a token could be used when testing policies rather than having to manually add all values. This is especially relevant to abac based policies.
* Role policy - can only select realm level roles. What about client roles?
* Scope - is scope not already a very overused term? Could we call this actions, operations or something else?
* Usability - it's easier to find policies and resources on the tabs than it is when creating a permission. Maybe we could add a modal panel that helps to find resources and policies?