abpframework / eShopOnAbp

Reference microservice solution built with the ABP Framework and .NET, runs on Kubernetes with Helm configuration, includes API Gateways, Angular and ASP.NET Core MVC applications, PostgreSQL and MongoDB databases
https://www.eShopOnAbp.com/
MIT License
694 stars 272 forks

Permission management system with external openid-provider (keycloak) #197

Open gterdem opened 1 year ago

gterdem commented 1 year ago

When we had the IdentityServer module, we were able to define permissions for the client which is used during the client_credentials flow.

Since we moved to Keycloak completely, there is no way to assign application permission to an external openid-provider.

We may consider using scope-based authorization or adding a UI for permission management to manually add permissions for clients (applications) for these kinds of scenarios.

hikalkan commented 1 year ago

We've introduced integration services for service-to-service communication. Integration services may not have permission checks because they are not exposed outside of the cluster through the API Gateway. So, you can add an integration service to the CMS Kit microservice and consume it wherever necessary internally.

BTW, I am not sure about that:

> Since we moved to Keycloak completely, there is no way to assign application permission to an external openid-provider.

The permission system is independent and can work with external providers too.