[keycloak-user] Resource server implementation best practices?

Guus der Kinderen guus.der.kinderen at gmail.com
Mon Nov 28 07:12:50 EST 2016


When implementing one or more services that, based on an access token,
expose data related to the user that's identified in the access token, is
there a "best practice" in regards to handling the available scopes?

I'm debating between having one resource server that exposes all data to
which the token grants access, versus having a resource server "per
claim", that either returns data, or an error code, based on the presence
of a particular scope within the access token.

Is there a common approach / best practice that covers this?
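One way to implement the per-scope check the post describes, as an added example that is not from this thread or from Keycloak itself: each endpoint declares the scopes it needs, and a request whose token lacks them gets a 403 with the RFC 6750 `insufficient_scope` challenge. It assumes the token's signature, issuer and expiry were already validated by the adapter or JWT library, and that the `scope` claim is the OAuth 2.0 space-separated string; the endpoint paths, scope names and sample claims are constructed.

```python
from typing import Dict, Set, Tuple

# Constructed sample claims, as they would look after a JWT library has
# verified the token's signature, issuer and expiry (assumption: that
# verification happens before this code runs; nothing here checks it).
SAMPLE_CLAIMS = {
    "sub": "constructed-user-id",
    "preferred_username": "alice",
    "scope": "openid profile email",
}

# Scope requirements per endpoint (hypothetical paths and scope names).
# A single resource server can serve all of them; each handler only
# releases data when the token carries the scopes that endpoint needs.
REQUIRED_SCOPES: Dict[str, Set[str]] = {
    "/me/profile": {"profile"},
    "/me/email": {"email"},
    "/me/orders": {"orders:read"},
}


def granted_scopes(claims: dict) -> Set[str]:
    """Parse the space-separated OAuth 2.0 `scope` claim into a set."""
    return set(str(claims.get("scope", "")).split())


def authorize(path: str, claims: dict) -> Tuple[int, Dict[str, str]]:
    """Return (HTTP status, response headers) for a request to `path`.

    403 follows RFC 6750 section 3.1: the WWW-Authenticate challenge names
    the error and the scope(s) the endpoint requires, so the client can
    re-request consent without the server leaking any of the protected data.
    """
    required = REQUIRED_SCOPES.get(path)
    if required is None:
        return 404, {}
    missing = required - granted_scopes(claims)
    if missing:
        challenge = 'Bearer error="insufficient_scope", scope="{}"'.format(
            " ".join(sorted(required))
        )
        return 403, {"WWW-Authenticate": challenge}
    return 200, {}


if __name__ == "__main__":
    for endpoint in REQUIRED_SCOPES:
        print(endpoint, authorize(endpoint, SAMPLE_CLAIMS))
```

Deny by default for an unknown path (404 here) rather than falling through to 200 is the part easiest to get wrong when a server grows new endpoints.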
