Hi Miles,
I think this is better modeled with the authorization tools [1].
You can model application domain objects to resources, operations to scopes and then define permissions and policies based on any characteristics of your user, roles or attributes.
You will get the information directly in the token as the permission section of your JWT. Or you can remotely ask your KC for a specific permission, passing in the user's token according to the UMA protocol.
I would suggest defining the roles in the client you define for your app on KC, to keep things isolated. Don't use realm-wide roles unless you really have many applications sharing a significant set of roles or functionality.
Regards,
M.
[1] https://www.keycloak.org/docs/latest/authorization_services/index.html
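
An added example, not part of the original message and not Keycloak's own code: how an application might enforce the permission section of an already-verified token, check a client-scoped role, and build the form body for a remote UMA decision request. The client name `orders-app`, the resource and scope names, and the sample claims are constructed for illustration.

```python
from urllib.parse import urlencode

# Constructed sample of decoded token claims. Signature, issuer, audience and
# expiry are assumed to have been verified already by a JWT library.
SAMPLE_RPT_CLAIMS = {
    "azp": "orders-app",  # hypothetical client id
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"orders-app": {"roles": ["order-manager"]}},
    "authorization": {"permissions": [
        {"rsid": "constructed-id-1", "rsname": "order",
         "scopes": ["order:view", "order:cancel"]},
        {"rsid": "constructed-id-2", "rsname": "invoice"},  # no scopes listed
    ]},
}

def has_permission(claims, resource, scope=None):
    """True only if the permission section grants the resource (and scope)."""
    perms = (claims.get("authorization") or {}).get("permissions") or []
    for p in perms:
        if resource not in (p.get("rsname"), p.get("rsid")):
            continue
        # Conservative choice: a requested scope must be listed explicitly.
        if scope is None or scope in p.get("scopes", []):
            return True
    return False  # default deny: section missing or nothing matched

def has_client_role(claims, client_id, role):
    """Check a role defined on one client; realm-wide roles are ignored."""
    client = claims.get("resource_access", {}).get(client_id, {})
    return role in client.get("roles", [])

def uma_decision_request(client_id, resource, scope):
    """Form body for asking the token endpoint for a yes/no decision.
    It is sent with the user's access token as the Bearer credential."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
        "audience": client_id,
        "permission": f"{resource}#{scope}",
        "response_mode": "decision",
    })

if __name__ == "__main__":
    print(has_permission(SAMPLE_RPT_CLAIMS, "order", "order:cancel"))
    print(has_client_role(SAMPLE_RPT_CLAIMS, "orders-app", "order-manager"))
    print(uma_decision_request("orders-app", "order", "order:cancel"))
```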