Re: [keycloak-user] Anonymous access to scoped resources

Hi all, I am using Keycloak filters to secure a spring REST API and I need to provide an anonymous access to a subset of resources having a given scope (like 'urn:scope:read:public'). To me, anonymous means a unauthenticated user without access token. I defined a dedicted security chain to bybass the authentication filter but the authorization filter is expecting an access token to grant requests, so I can't use it. Do I need to implement my own filter only based on the protection API to retrieve and check scopes of requested resources or is there a better way to grant access to resources for anonymous users ? Thanks. -- View this message in context: http://keycloak-user.88327.x6. nabble.com/Anonymous-access-to-scoped-resources-tp2929.html Sent from the keycloak-user mailing list archive at Nabble.com. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user