
Configuration for keycloak

Open steve-chavez opened this issue 6 years ago • 5 comments

Follow the guideline in https://github.com/PostgREST/postgrest/issues/1191

steve-chavez avatar Mar 09 '19 20:03 steve-chavez

Also see https://stackoverflow.com/questions/52813380/authenticate-postgrest-api-through-keycloak.

steve-chavez avatar Aug 26 '19 18:08 steve-chavez

I'm also wondering about the role mapping: I would like to add a claim "role" if my user has a specific role (e.g. admin) in Keycloak and, if it does not, use the web-anon role. I tried playing with the claim mappings, but it seems to be all Keycloak roles or nothing in the claim.

Videl avatar Jul 20 '20 12:07 Videl

Apparently what I want to do (control what's in the role claim according to my user settings) could be done with a JavaScript provider: https://www.keycloak.org/docs/latest/server_development/#_script_providers

Videl avatar Jul 20 '20 12:07 Videl

@Videl Have you seen https://www.mathieupassenaud.fr/codeless_backend/? (Linked in our community tutorials)

Maybe I can close this issue if that tutorial has all the info needed.

steve-chavez avatar Jul 20 '20 17:07 steve-chavez

A position index wasn't enough for me: PGRST_ROLE_CLAIM_KEY: '.resource_access.frontend.roles[0]'

My users have a lot of roles and the first one is not necessarily the one I want to use for PostgREST. I had to create a new claim mapper to control the value used by PostgREST.

Keycloak can turn a list of roles into this claim string: "[admin, user, test]" or a JSON list ['admin', 'user', 'test']. If PostgREST could check for a specific value in a list, that could be useful for all JWT tokens?

Something like: PGRST_ROLE_CLAIM_KEY: '.resource_access.frontend.roles .has(admin) ? schema_admin : web_anon' (that's basically what I had to do in the custom JS mapper for Keycloak)

Videl avatar Jul 29 '20 21:07 Videl
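
The role selection discussed in this thread, as an added example that is not part of the thread and is not PostgREST or Keycloak code: it contrasts the positional lookup `.resource_access.frontend.roles[0]` with a membership check against an allow-list that falls back to `web_anon`. The function names, `ROLE_MAP` and the sample payloads are constructed for illustration, and the path reader handles only the `.key` and `[n]` forms used above.

```javascript
// Added illustration: all names and sample payloads here are hypothetical.

// Reader for the path subset used in this thread: ".key" and "[n]" steps only.
function resolveClaimPath(claims, path) {
  const steps = path.match(/\.[A-Za-z0-9_-]+|\[\d+\]/g) || [];
  let node = claims;
  for (const step of steps) {
    if (node === null || typeof node !== 'object') return undefined;
    node = step[0] === '.' ? node[step.slice(1)] : node[Number(step.slice(1, -1))];
  }
  return node;
}

// Accepts both shapes mentioned above: a JSON list or the string "[admin, user, test]".
function normalizeRoles(value) {
  if (Array.isArray(value)) return value.filter((r) => typeof r === 'string');
  if (typeof value !== 'string') return [];
  return value.replace(/^\[|\]$/g, '').split(',').map((r) => r.trim()).filter(Boolean);
}

// Allow-list in priority order: Keycloak role -> database role.
const ROLE_MAP = [['admin', 'schema_admin']];
const FALLBACK_ROLE = 'web_anon';
const ROLES_PATH = '.resource_access.frontend.roles';

// Membership check: the order of roles in the token does not matter, and a
// Keycloak role that is not in ROLE_MAP never becomes a database role.
function pickDbRole(claims, rolesPath) {
  const roles = new Set(normalizeRoles(resolveClaimPath(claims, rolesPath)));
  for (const [keycloakRole, dbRole] of ROLE_MAP) {
    if (roles.has(keycloakRole)) return dbRole;
  }
  return FALLBACK_ROLE;
}

// Constructed payloads: the same admin user with roles in two different orders,
// and a non-admin user whose roles arrive in the string form.
const tokenA = { resource_access: { frontend: { roles: ['admin', 'user', 'test'] } } };
const tokenB = { resource_access: { frontend: { roles: ['user', 'test', 'admin'] } } };
const tokenC = { resource_access: { frontend: { roles: '[user, test]' } } };

for (const [name, token] of [['A', tokenA], ['B', tokenB], ['C', tokenC]]) {
  const positional = resolveClaimPath(token, ROLES_PATH + '[0]');
  console.log(name, 'roles[0] =', positional, '| mapped =', pickDbRole(token, ROLES_PATH));
}
```

The positional lookup returns a different value for tokens A and B even though both carry `admin`, while the mapped value is stable and defaults to the anonymous role when no allow-listed role is present.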