[keycloak-user] How to check permission when issuing token
Hiroyuki Wada
h2-wada at nri.co.jp
Wed Jul 4 00:13:52 EDT 2018
Hi,
Our customer has a requirement that they want to check whether the authenticated user has sufficient
permission to access the service (RP) when issuing a token.
I came up with an idea using a custom protocol mapper which checks the assigned roles as follows:
https://gist.github.com/wadahiro/b777c49b61766c8f634981756aedffaa
By using this mapper, the token endpoint returns a 403 Forbidden error if the authenticated user
doesn't have a sufficient role.
Is this a good way? Or is there a better way to do it?
Best Regards
--
Hiroyuki Wada
Nomura Research Institute, Ltd.