Tags: spring, spring-boot, jwt, authorization, keycloak

Keycloak authorization on behalf of another user


I'm currently working on a Spring Boot application with Keycloak, in which users can reserve an office space or piece of hardware. I want to add the functionality for users to authorize other users to make a reservation on their behalf.

Scenario: Someone has a secretary who occasionally does their reservations for them. The secretary wants to make a reservation on behalf of her boss. The boss grants his/her secretary the rights to do so.

Is it possible with Keycloak to grant access to a user and allow them to do things on another user's behalf? If so, is there any documentation for this? (I have not been able to find any, just resource access sharing.) Or how do I go about implementing this?

Thanks in advance.


Solution

  • I think this is pretty much what you are looking for: https://github.com/ch4mpy/user-proxies

    You might have a look at these tutorials first: https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials

    When thinking UAA (User Authentication & authorization), resource access authorization on the authorization server sucks. I know, names can make things confusing. Still, the authorization server should be used for user authentication and resource access authorization should be made on the resource server using Spring Security.

    In the solution above: