Hi,
I wonder if you could offer some advice. We're writing a React application and we are
going to use Keycloak for the security.
We have no prior experience using keycloak and we need to figure out the best way of
representing our security model.
We have users and contracts, users might need to access different contracts and have
different levels of security in each contract.
At the minute, we've set up each contract as a client, and granted a user permissions
in each contract. When we log in, a user receives all permissions from every client in the
JWT. I switched on Client Scope for each contract, and now we only get permissions for the
individual client whose client_id I pass in when logging in. I'm having trouble
switching between clients without having to re-log in (I was hoping to use the refresh
token endpoint with a different client_id for this).
I'd like to avoid sending all the permissions down in the token if possible.
Is there a better way of going about this, a better way of modelling our data within
Keycloak? What would you recommend?
Kind regards,
James
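An added example (not James's code and not part of Keycloak or React): a small JavaScript helper that decodes a Keycloak-style access token and lists the client roles it carries per client, which is one way to check from the front end what actually lands in the JWT after changing client scopes. It also builds the form body for a standard OAuth 2.0 refresh_token grant so the parameters being sent to the token endpoint are explicit. The sample token is constructed inline and unsigned; the client ids contract-a/contract-b, the role names, the issuer URL and the refresh token value are made up, and the helper never verifies the signature, so it is only for inspecting claims on the client side, never for making authorization decisions.

```javascript
// Added example: inspect which per-client roles a Keycloak access token carries.
// Keycloak puts client-level roles under the "resource_access" claim, keyed by
// client id, and records the client the token was issued for in "azp".
// Nothing here verifies the signature: it only decodes the payload so a front end
// can see what it was given. Authorization must still be enforced server-side.

function base64UrlDecode(s) {
  // JWT segments are base64url without padding (RFC 7515 section 2).
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(s) {
  return Buffer.from(s, "utf8")
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Returns { azp, clients: { clientId: [roles...] } } taken from the payload.
function clientRoles(token) {
  const payload = decodeJwtPayload(token);
  const access = payload.resource_access || {};
  const clients = {};
  for (const [clientId, entry] of Object.entries(access)) {
    clients[clientId] = Array.isArray(entry.roles) ? [...entry.roles] : [];
  }
  return { azp: payload.azp, clients };
}

// Roles for one client only; an empty list if the token does not mention it.
function rolesFor(token, clientId) {
  return clientRoles(token).clients[clientId] || [];
}

// Form body for an OAuth 2.0 refresh_token grant (RFC 6749 section 6), as posted to
// Keycloak's .../protocol/openid-connect/token endpoint. The client_id is whatever
// the caller passes; this makes no claim about whether Keycloak will honour a
// client_id different from the one the refresh token was issued to.
function refreshTokenBody({ refreshToken, clientId, scope }) {
  const params = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: clientId,
  });
  if (scope) params.set("scope", scope);
  return params.toString();
}

// Constructed sample token (unsigned "alg":"none" header, empty signature segment)
// shaped like a Keycloak access token carrying roles for two hypothetical contract clients.
const SAMPLE_PAYLOAD = {
  iss: "https://keycloak.example.invalid/realms/demo", // made-up issuer
  azp: "contract-a",
  resource_access: {
    "contract-a": { roles: ["contract-admin", "viewer"] },
    "contract-b": { roles: ["viewer"] },
  },
};
const SAMPLE_TOKEN = [
  base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" })),
  base64UrlEncode(JSON.stringify(SAMPLE_PAYLOAD)),
  "",
].join(".");

console.log(clientRoles(SAMPLE_TOKEN));
console.log(refreshTokenBody({ refreshToken: "opaque-refresh-token", clientId: "contract-b" }));
```

Decoding the token this way shows the shape of the claim that grows with every client a user has roles in; comparing `clientRoles()` output before and after enabling a client scope is a quick way to confirm that only the intended client's roles remain.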