Can you elaborate a bit on your use-case? Why would you have users that are not allowed to authenticate?

On 28 July 2016 at 11:01, gambol <> wrote:


Assuming you have a realm with x client defined and each have a APP-USER role. Is there a way to authenticate a user only if the user have the role associated? ... 

Obviously I can check the check the access token, or place a proxy in-front which does that for me, but is there a native way of saying ask for this scope and if you don't have it you are denied

Best Regards .. 

keycloak-dev mailing list