thomseddon / traefik-forward-auth

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
MIT License
2.13k stars 408 forks

[Feature Request] User-Managed Access support #248

Open kaysond opened 3 years ago

kaysond commented 3 years ago

I'm using Keycloak for user management, and with traefik-forward-auth, access control is basically all or nothing. (There are some workarounds involving modifying the login flow, but it's pretty hack-y.) Keycloak has an API that implements UMA which can be used to check if the specific user has access to that specific resource (which is usually specified by URL).

@thomseddon would you take a PR implementing this?

Some info:
https://en.wikipedia.org/wiki/User-Managed_Access
https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html
https://wso2.com/library/article/2018/12/a-quick-guide-to-user-managed-access-2-0/

thomseddon commented 3 years ago

This sounds great, would definitely be interested to see how it could be implemented. Happy to discuss implementation ideas!