AuthGuard.roles is insufficient for checking access due to lacking resource information

[AlexSchuetz]

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search for issues before submitting
- [x] feature request

Versions.

Keycloak-Server: 11.0.0 keycloak-angular: ^9.1.0 keycloak-js: 15.0.0 angular/material: 13.3.6

Repro steps.

• Add two clients to the same realm in Keycloak with equal named roles.
• Create a user that has the roles of one client, but not of the other.
• AuthGuard.roles doesn't provide any information about the origin of the roles.

Desired functionality.

AuthGuard should remove the roles-property and instead make the keycloak service protected, so that the more precise isUserInRole is available.

Our realm has many clients and rolenames are not guranteed to be unique.

[mauriciovigolo]

Hi @AlexSchuetz and thanks for opening the issue.

Would adding a prefix of the application or something similar as part of the role name, be an option for you? The list of roles comes from keycloak. Neither keycloak-js and keycloak-angular manipulate them.