Reputation: 23
KrakenD Config custom dynamic role based on URL
I want to add one URL configuration which would be dynamic. For eg. URL: /api/v1/{did} and my jwt token would contain user-id, roles where role = did (same as in URL). There are various URL like this with different did but same endpoint and krakend should validate that one user has access to that specific URL(did), so I have roles created in keycloak as did (roles = did). I want to specify roles in krakend json file like roles : [{did}]. Is there any way to achieve this?
Upvotes: 0
Views: 750
Answers (1)
Reputation: 1440
That should be possible using a CEL rule (Common Expression Language). With CEL you can set an expression that makes sure that the passed {did} parameter equals to the content of the JWT attribute containing the role.
The following page has several examples that might help you: https://www.krakend.io/docs/endpoints/common-expression-language-cel/
For the testing I would suggest using the devopsfaith/krakend:watch command that hots reload the configuration on every change.
Upvotes: 0
Related Questions
- How can i create user with multiple Client roles in a single API
- KeyCloak create composite role
- Keycloak: Way to manage default client roles assigned to a user in a realm
- Retrieve Keycloak Roles in reactive Spring Gateway security
- Keycloak - Resource based Role & scope base auth
- How to get roles from custom client in keycloak?
- How to assign specific user role an user in key-cloak via rest api?
- Keycloak: Create role with attributes in Java Client
- add role to a user in a client keycloak
- Keycloak - Resource based Role