[question] Policy-based mode

[sherlant]

Hi,
i'm interested by your extension, particular for policy-based mode. I have a question about this mode :
we can configure policy for client about differents endpoints, for exemple :

• policy1: https://my-app.io/enterprise -> need group enterprise
• policy2: https://my-app.io/lts -> need group lts
  The app has no authorization check, only authentication delegate to oidc provider.
  This use case can works with your extension, and, if right, how ?

Thx

[sventorben]

Hello @sherlant,

yes, that is possible. The resource you need to add is per client. So it is possible to add different policies and permissions per client.

However, I would not recommend to use it in your case. You could simply use the role-based mode and assign the client role to the corresponding group.
I have explained a similiar scenarion in #118 (comment).

Please also make sure that you understand security considerations for your setup: https://github.com/sventorben/keycloak-restrict-client-auth#security-considerations

Let me know if this helps.

Regards
Sven-Torben