
Keycloak isn’t really for authorization. It’s an OpenID Connect provider, so it really does authentication (identifying who the user is). Maybe they’ve been adding features to make it better, or you can shoehorn some authorization into the JWT token that your app uses, but that’s generally not a great way to use it.


That's incorrect. Keycloak comes with a UMA2 implementation, which is for authorization. There is the whole concept of authorization services in there. I have written about it here: https://gruchalski.com/posts/2020-09-05-introduction-to-keyc....



