Hi all,
I'm currently working on Keycloak and its integration in our architecture,
which is composed of several modules.
According to the documentation, I plan to:
- create a realm (which is related to my organisation)
- create "clients" for every application I would like to secure with
Keycloak.
I don't want to manage roles at realm level (for organisational and
security reasons). I want to manage roles by client (using eventually a
client template if several modules share the same configuration).
In this mode, I would like to be able, from a given resource in the
context of an authenticated client (authenticated from the browser
authentication), to retrieve roles for a given remote "client" in order
to make a remote call to its API using the right roles.
I would like to know if it's possible from a given backend client to ask
Keycloak for an "access_token" for another client using the current
authenticated user (and so its related JWT token).
I plan to use a client authenticator client_assertion_type with the
current user token. Is it the right solution?
Thanks for your reply.