[keycloak-user] Multi Tenancy

James Pridmore james.pridmore at ontexglobal.com
Tue Jan 15 11:51:42 EST 2019


Hi,

I wonder if you could offer some advice. We're writing a React application and we are going to use keycloak for the security.

We have no prior experience using keycloak and we need to figure out the best way of representing our security model.

We have users and contracts, users might need to access different contracts and have different levels of security in each contract.

At the minute, we've set up each contract as a client, and granted a user permissions in each contract. When we log in, a user receives all permissions from every client in the JWT. I switched on Client Scope for each contract, and now we only get permissions for the individual client whose client_id I pass in when logging in. I'm having trouble switching between clients without having to re-log in (I was hoping to use the refresh token endpoint with a different client_id for this).

I'd like to avoid sending all the permissions down in the token if possible.

Is there a better way of going about this, a better way of modelling out data within keycloak, what would you recommend?

Kind regards,

James


