Hi all,
I am using Keycloak filters to secure a spring REST API and I need to
provide an anonymous access to a subset of resources having a given scope
(like 'urn:scope:read:public'). To me, anonymous means a unauthenticated
user without access token.
I defined a dedicted security chain to bybass the authentication filter but
the authorization filter is expecting an access token to grant requests, so
I can't use it.
Do I need to implement my own filter only based on the protection API to
retrieve and check scopes of requested resources or is there a better way to
grant access to resources for anonymous users ?
Thanks.
--
View this message in context:
http://keycloak-user.88327.x6.nabble.com/Anonymous-access-to-scoped-resou...
Sent from the keycloak-user mailing list archive at
Nabble.com.