Hi,
I've one public client 'react' which uses the implicit grant for
authentication. Now I want to secure this app's back-end APIs, and thus need to
apply the authorization (policy, resource) settings. Is there any way to
use the *Authorization* settings for the public client?
As per my understanding, Authorization (policy, resource, scope) settings
do not apply to a *Public (Client Protocol)* client; they are only for a
*Credential (Client Protocol)* client. Now the problem here is that when a user
tries to log in using *credential-keycloak-client*, in that case we need to use
the *client_secret key* in the front-end, which would make the application more
vulnerable.
Let me know if my understanding is incorrect, and feel free to share another
approach to resolve this issue.
Thanks,
Shubham Akodiya