Ignacio Gómez

I'll add the option but in a general way, not tied to Postgres. Of course, it'll be disabled by default. I'll link the PR when I'm done.

Scratch that, I'll see if I allow `clientid` to be used in queries, then you can bypass `username` with something like this: ``` SELECT topic FROM acl WHERE $1 =...

I went with the original idea because it was simpler and I don't think this is a commonly needed feature, the second one would involve adding support everywhere and changing...

@CompositeCoding sorry for the time it took, there's something going on with TLS Postgres tests, but it's unrelated to this issue and the PR I opened, so I finally decided...

Sadly, unless you disable super user checks for http backend or globally, you'll get this behavior because checking an ACL first loops through superuser enabled backends to check for it,...

Inverting the loop logic on a flag should be simple enough to implement, the only caveat is that I need to introduce ordering to backends as well. I'll let you...

@rickbassham let me know if you plan on adding that test I mentioned.

I've never used Keycloak, so I'd suggest checking logs to see what's going on.

I mean anything you can get your hands on. Turn on debug logging, maybe stand up a local instance of Keycloak and check traffic, etc. I'm sorry but you'll have...

Sorry, I closed by mistake. As I said, you'll need to gather all info you can and only then I could try to help if you still haven't caught the...