Does keycloak support scope param? Can I intercept it to make a custom handler? (e.g. lookup DB data)
Sample Use Case: Keycloak has my custom UserFederation provides where I issue user lookup to my SQL DB, and determine access, next basing on the scope I like to post back to the app roles relevant to the scope param.
I know keycloak has static roles, but I need it contextual, such as - user is master in scope = A, but reader in scope = B. Since the range of scopes is dynamic and large, the use of client-ids is not sufficient.
I assume the scope can help me solving situation such as am I owned of an object?
I did days of debugging keycloak code and cannot find much even thought there is OAuth2Constants.Scope but may be that is something different?