Hi, looking for a little advice. I have a typical SPA front end and REST
API.
Each customer can have multiple users with different roles like admin or
user. It's conceivable for a single user to belong to two different
customer accounts.
Because a single user could be an admin to account A and only a user in
account B, I thought of using Keycloak clients for namespacing the roles. I
would create a disabled client for each account purely to namespace the
roles.
Make sense?
I believe I would continue to use a single public client for the SPA and
single bearer-only client for the API resource server.
I've read that Keycloak has issues with large numbers of clients, but I
only expect to reach a few hundred.
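
Added example, not part of the original post: a sketch of how the API resource server could enforce the per-account client roles described above, reading Keycloak's `resource_access` claim from an access token whose signature, issuer and expiry have already been verified. The `account-<id>` client naming, the role names and the sample claims are assumptions made for illustration, as is the premise that the SPA client's scope lets those client roles into the token.

```python
import re

# Assumed naming convention for the per-account namespacing clients.
ACCOUNT_CLIENT_PREFIX = "account-"
# Only accept account ids of a known shape before using them as a lookup key.
ACCOUNT_ID_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


def roles_for_account(claims, account_id):
    """Return the roles the token grants for exactly one account.

    `claims` is the decoded payload of an already-verified access token.
    Anything malformed yields an empty set, so the caller denies by default.
    """
    if not isinstance(account_id, str) or not ACCOUNT_ID_RE.fullmatch(account_id):
        return frozenset()
    access = claims.get("resource_access")
    if not isinstance(access, dict):
        return frozenset()
    entry = access.get(ACCOUNT_CLIENT_PREFIX + account_id)
    if not isinstance(entry, dict):
        return frozenset()
    roles = entry.get("roles")
    if not isinstance(roles, list):  # a bare string would allow substring matches
        return frozenset()
    return frozenset(r for r in roles if isinstance(r, str))


def is_authorized(claims, account_id, required_role):
    """True only if the role is held in the account the request targets.

    `account_id` must come from the requested resource (for example the URL
    path), never from a value the caller can pick independently of it.
    Realm roles are ignored on purpose: they are not account-scoped.
    """
    return required_role in roles_for_account(claims, account_id)


# Constructed sample payload: admin in account "a", plain user in account "b".
SAMPLE_CLAIMS = {
    "sub": "constructed-user-id",
    "azp": "spa",
    "realm_access": {"roles": ["admin"]},
    "resource_access": {
        "account-a": {"roles": ["admin", "user"]},
        "account-b": {"roles": ["user"]},
    },
}

if __name__ == "__main__":
    for acct in ("a", "b", "c"):
        print(acct, sorted(roles_for_account(SAMPLE_CLAIMS, acct)))
```

The check is keyed on the account taken from the requested resource, so being admin in account A grants nothing on account B's endpoints.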