I have decided to implement Keycloak as a central authorization server. It means that every resources which I want to be protected have to be added to Keycloak client resources. For example when user creates new car object with ID 121 then to Keycloak resources I have to add /car/121 resource with proper scopes and assigned permissions to this user. Problem is that in microservice architecure every microservice have to have dependecy to Keycloak API to add new resource. This also might be implemented in custom API Gateway after reciving created object ID or I can send events and listen for them in another service and create those resources. I wonder if there are other ready to use and automated solutions for resources management?
Asked
Active
Viewed 25 times
0
-
In my opinion, Your question too wide area(scope base authorization, resource REST API,permission, custom API gateway, micro-serve architecture, event publish/subscription of service, automated solution), you needs to focus small topic question. It is hard too figure out you are looking for. – Bench Vue Aug 17 '23 at 18:25
-
I just gave a examples of possible solutions for this problem (creating resources in Keycalok without direct dependecy in code). And my question is if there are other, better possible solutions for that. – Konrad Aug 17 '23 at 22:20
-
1[This](https://stackoverflow.com/questions/42186537/resources-scopes-permissions-and-policies-in-keycloak/58906945#58906945) and [that](https://stackoverflow.com/questions/73307606/keycloak-authorization-between-services-and-the-public-frontend/73309721#73309721) may help to cover your question. – Bench Vue Aug 17 '23 at 22:42