Is the user role obtained from the AuthServer ?

[cld0815]

Is there an existing issue for this?

• [X] I have searched the existing issues

Description

When I try to replace AuthServer with keycloak, I find that the user role is obtained from AuthServer. How do I obtain the role when using Keycloak?

Reproduction Steps

No response

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.3.0

User Interface

Blazor Server

Database Provider

EF Core (Default)

Tiered or separate authentication server

Tiered

Operation System

Windows (Default)

Other information

No response

[gterdem]

By requesting the roles scope; https://github.com/abpframework/eShopOnAbp/blob/b3c26cf1e2f877306d345c5a7b3fddf81c4f045e/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs#L163

[cld0815]

@gterdem Thanks for your answer, but I have one more question. How do I configure a user's role in keycloak?

[gterdem]

1- Do you want to use the keycloak to handle user and role management? 2- Do you want to use the ABP Identity module to handle user and role management?

Authentication will be handled by the keycloak in both cases. But the authorization will change in both scenarios.

I am currently implementing the 2. option for the eShopOnAbp project. Creating roles and users within the ABP Identity management and synchronize it to the keycloak. This way, permission management will work automatically.

[cld0815]

@gterdem My understanding is different. I think we can create users and roles in the keycloak and synchronize them to the abp Identity module, Is that the 1. option means?