[keycloak-user] Configure authorization to only allow subset of user management actions?
Jared Blashka
jblashka at redhat.com
Wed Apr 17 16:00:48 EDT 2019
I've got a client application that wants to be able to remotely trigger the
password reset flow for some users. I see the execute-actions-email
endpoint on the user resource but it looks like the only permission check
present looks to see if that client has full management access for that
user or not. I don't want to allow the possibility of the client managing
other aspects of the user. Is there any way I can restrict this client to
only trigger the update password action or would I be better off adding my
own RealmResourceProvider for this?
More information about the keycloak-user
mailing list