Checking Keycloak configuration with Open Policy Agent Policies

[Thomas Darimont]

Hello Keycloak Developers,

a while ago there was a discussion about checking Keycloak realm / client configurations

against OAuth 2.x Security Best Current practices and similar guidelines.

I think I just found a neat way to express some checks from this guidelines via Open Policy Agent policies.

Here is a small example: https://github.com/thomasdarimont/keycloak-opa-config-validation if you are interested.

Cheers,

Thomas