Hello there,
This is exactly what I am struggling with at the moment. I have found a number of things which would need clarification in documentation as well as in examples:
- Custom user data properties/fields. It seems that one has to/ought to add custom properties to three places in the theme files: account, admin and registration. However, the ways to add them differ greatly, as each FTL template structure is quite different. (Account uses account.ftl; Admin uses partials/user-attribute-entry.ftl). Pattern definitions and explanations are missing from examples and documentation, as far as I can tell.
- Editable properties per role. Realm admins/editors could perhaps be able to edit all properties (except primary key/ID value) for all the users in a realm - but we would typically like to restrict which properties (both basic and custom attributes) are editable depending on the roles/privileges a user has in the realm. (For example, it would likely be a bad idea to permit users to change their names and birthday arbitrarily after registration). How do we restrict editability of normal and custom user properties - both in terms of the data and the forms required to interact with Keycloak? Pattern definitions and explanations are missing from examples and documentation, as far as I can tell.
- Linking users to roles/privileges in other realms. How should one construct realms to grant roles & privileges automatically to users in other realms? (For example: All Users in Literary Society A can register for a party hosted by Literary Society B. Hence, how does realm admin B grant role KnownGuest to all users in realm A, to permit them to access Society B's register-to-the-event-page? Assume, of course, that both A and B are managed by the same Keycloak DB, so basic identity attributes should be extracted normally from Keycloak. Realm admins from neither A nor B have master realm access.) Pattern definitions and explanations are missing from examples and documentation, as far as I can tell.