This repository has been archived by the owner on Aug 10, 2022. It is now read-only.

Duplication of roles between main client id and keycloak-hasura-connector client id #65

Open
stratosgear opened this issue Feb 19, 2021 · 0 comments

@stratosgear

Is your feature request related to a problem? Please describe.
From what I have read (and deduced, because this is not clarified in the docs) and from what I have tried with some sample code, I see some kind of duplication as far as assigning roles is concerned.

Assuming that I have:

  • a client id of my-app (that acts as the main Keycloak client that my app logs against and where I have defined all my roles)
  • a client id of hasura-auth-client that keycloak-hasura-connector is using to validate credentials.

Both these keycloak clients are created according to the docs of the repo here.

Now it seems that all the roles I have defined in my my-app client will have to be duplicated under the hasura-auth-client client too, because this is the array that the connector is trying to pull roles from.

Example:

  "resource_access": {
    "my-app": {
      "roles": [
        "roleA"
      ]
    },
    "hasura-auth-client": {
      "roles": [
        "roleA"
      ]
    }
  }

Using a hasura-auth-client Keycloak with no roles assigned is not working, as no roles are passed to Hasura.

One suggestion might be to define roles only in hasura-auth-client, but please note that for my business logic I need to use these roles in other parts of my application, and it does not make sense to be reading them from the hasura-auth-client client id, as I would like to have them grouped under my-app.

Describe the solution you'd like

My suggestion would be to initialize the connector with an additional Keycloak client that the connector could pull roles from.

Like:

KEYCLOAK_ROLES_CLIENT_ID: my-app

Describe alternatives you've considered

I have forked the project and tried something like this, and it seems to be working.

Additional context

I am just trying to verify if I am not seeing anything obvious here, or if I have not set up something correctly, or I am doing something weird or abusing with this suggestion. I'm no Keycloak expert.

What do you think?
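
Added example (not part of the original issue and not the connector's own code): one way the role lookup proposed above could behave, reading `resource_access` roles from exactly one configured client and returning nothing when that client is absent from the token. `resolveClientRoles`, `authClientId` and `rolesClientId` are hypothetical names, the claims are constructed sample data, and the claims are assumed to come from a token whose signature has already been verified.

```javascript
// Added example: resolve client roles from already-verified Keycloak token claims.
// `rolesClientId` plays the part of the KEYCLOAK_ROLES_CLIENT_ID setting proposed
// in the issue; `authClientId` is the client the connector authenticates with.
function resolveClientRoles(claims, { authClientId, rolesClientId } = {}) {
  // Read from exactly one client: the roles client when configured,
  // otherwise the auth client (the behaviour the issue describes today).
  const sourceClient = rolesClientId || authClientId;
  if (typeof sourceClient !== 'string' || sourceClient === '') return [];

  const access = claims && claims.resource_access;
  if (access === null || typeof access !== 'object' || Array.isArray(access)) return [];

  // Own-property check so a client id such as "__proto__" cannot resolve
  // to something inherited from Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(access, sourceClient)) return [];

  const entry = access[sourceClient];
  const roles = entry && entry.roles;
  if (!Array.isArray(roles)) return [];

  // Keep only non-empty strings and drop duplicates.
  return [...new Set(roles.filter((r) => typeof r === 'string' && r !== ''))];
}

// Constructed sample claims: roles live under my-app, the auth client has none,
// and an unrelated client carries a role that must never leak into the result.
const sampleClaims = {
  resource_access: {
    'my-app': { roles: ['roleA', 'roleB', 'roleA', 42] },
    'hasura-auth-client': { roles: [] },
    'other-service': { roles: ['admin'] },
  },
};

const auth = 'hasura-auth-client';
const withoutRolesClient = resolveClientRoles(sampleClaims, { authClientId: auth });
const withRolesClient = resolveClientRoles(sampleClaims, { authClientId: auth, rolesClientId: 'my-app' });
// A configured roles client that is missing from the token yields no roles
// instead of silently falling back to another client (assumed design choice).
const missingRolesClient = resolveClientRoles(sampleClaims, { authClientId: auth, rolesClientId: 'not-in-token' });

console.log({ withoutRolesClient, withRolesClient, missingRolesClient });
```

Roles from clients other than the selected one are never merged in, so a role named `admin` on an unrelated client cannot become a Hasura role by accident.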
