Hi Juan,
Recently, we have added support for Claim Information Points [1]. Basically, these are components on the policy enforcer side that can be configured to send additional claims to your policies. They allow you to extract different information from the request as well as from the access token.

Would that work for you?
[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_e...
On Thu, May 24, 2018 at 7:51 PM, Juan José Vázquez Delgado <juanjo.vazquez.delgado(a)tecsisa.com> wrote:
Hello everyone. I'm currently assessing KC Authz services and I stumbled across a use case that I'm not sure how to solve. I've found previous similar discussions but I couldn't find the answer that might apply directly to it. Basically, I have a web service that acts as a resource server, following the UMA terminology, and I want to protect it using KC. This ws publishes several endpoints that follow a multi-tenant arrangement. Something like this:

/{org_id}/products
/{org_id}/product/{id}
... etc.

The ID Token obtained through the authentication OIDC flow carries the `org_id` data so I could provide this as an additional claim to the token endpoint in order to get a proper RPT. However, I would like not to have to create a different resource per organization and uri, but just the same patterns as in the endpoints:

/{org_id}/products
/{org_id}/product/{id}

I haven't found any information about whether it's possible to define a pattern also in the resource uri so that I can use it from the Evaluation API during the RPT issuance. I'm sure I'm missing something relevant here, but so far I couldn't find any other solution than creating as many resources as organizations exist and that could be a maintenance burden in the future. Maybe it's just as simple as parsing the resource name, in JS or Drools Rules, in order to retrieve the `org_id` from the resource name. Any help would be appreciated. Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
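The tenant check discussed in both messages above, as an added example that is not part of the thread and not Keycloak's own code: a small Python model of what a Claim Information Point would push into a policy (the request's relative path and the `org_id` claim from the token) and the policy logic that matches the path against the `/{org_id}/...` templates from the question and grants only when the organisation in the path equals the one in the token. The claim names `request_path` and `token_org`, the token contents and the request paths are constructed for the example; the `{request.relativePath}` and `{keycloak.access_token['/org_id']}` expression forms follow the Keycloak enforcer documentation, but the resolver below is a simplification that supports only those two forms.

```python
"""Model of the per-tenant check from the thread (constructed example, not Keycloak code).

Two stages: a stand-in for a Claim Information Point that pushes claims into
the policy, and the policy itself, which derives org_id from the request path
instead of needing one Keycloak resource per organisation.
"""
import re
from urllib.parse import unquote

# Endpoint patterns from the question; "{name}" stands for exactly one path segment.
PATH_TEMPLATES = ["/{org_id}/products", "/{org_id}/product/{id}"]

# Claims a CIP would push. Claim names are assumed; the expression syntax follows
# the Keycloak enforcer docs, but only these two expression forms are resolved here.
CIP_CLAIMS = {
    "request_path": "{request.relativePath}",
    "token_org": "{keycloak.access_token['/org_id']}",
}

_EXPR = re.compile(r"^\{(request\.relativePath|keycloak\.access_token\['([^']*)'\])\}$")


def json_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON pointer such as '/org_id' or '/orgs/0' against doc."""
    node = doc
    parts = pointer.lstrip("/").split("/") if pointer else []
    for part in parts:
        part = part.replace("~1", "/").replace("~0", "~")
        node = node[int(part)] if isinstance(node, list) else node[part]
    return node


def push_claims(claim_config, request_path, access_token):
    """Stand-in for the CIP: evaluate each expression; an unresolvable claim is simply absent."""
    pushed = {}
    for name, expr in claim_config.items():
        m = _EXPR.match(expr)
        if not m:
            raise ValueError(f"unsupported expression {expr!r}")
        try:
            if m.group(1) == "request.relativePath":
                pushed[name] = request_path
            else:
                pushed[name] = json_pointer(access_token, m.group(2))
        except (KeyError, IndexError, ValueError):
            pass  # missing claim: the policy must treat this as a deny, never as a wildcard
    return pushed


def compile_template(template):
    """Turn '/{org_id}/product/{id}' into an anchored regex with named groups."""
    parts = re.split(r"\{(\w+)\}", template)  # literal, name, literal, name, ..., literal
    pattern = "".join(
        re.escape(p) if i % 2 == 0 else f"(?P<{p}>[^/]+)" for i, p in enumerate(parts)
    )
    return re.compile("^" + pattern + "$")


def path_params(path):
    """Placeholders of the first template that matches the path, or None.

    The path is percent-decoded once BEFORE matching, so a segment that decodes to
    contain '/' changes the segment count and fails the template instead of being
    accepted as an org id.
    """
    decoded = unquote(path)
    for template in PATH_TEMPLATES:
        m = compile_template(template).match(decoded)
        if m:
            return m.groupdict()
    return None


def evaluate(pushed):
    """Policy decision: GRANT only when the org in the path equals the org in the token."""
    params = path_params(pushed.get("request_path", ""))
    token_org = pushed.get("token_org")
    if params is None or not isinstance(token_org, str) or not token_org:
        return "DENY"
    return "GRANT" if params["org_id"] == token_org else "DENY"


def decide(request_path, access_token):
    """Whole flow for one request: push claims, then evaluate the policy."""
    return evaluate(push_claims(CIP_CLAIMS, request_path, access_token))


if __name__ == "__main__":
    token = {"sub": "user-1", "org_id": "acme"}  # constructed token claims
    for p in ["/acme/products", "/acme/product/42", "/globex/product/42",
              "/acme%2F..%2Fglobex/products", "/acme/admin"]:
        print(p, decide(p, token))
```

The point of pushing the raw relative path rather than a pre-parsed value is that the Keycloak side keeps only the two templates as resources; the tenant is derived at evaluation time, which is the "parse the org_id in the policy" approach the question already suggests. The same comparison belongs in the resource server as well, since the enforcer's decision and the backend's routing must agree on which organisation a path refers to.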