Permission management system with external openid-provider (keycloak)

[gterdem]

When we had IdentityServer module, we were able to define permissions for the client which is used during the client_credentials flow.

Since we moved to Keycloak completely, there is no way to assign application permission to an external openid-provider.

We may consider using scoped-based authorization or add UI for permission management to manually add permissions for clients (applications) for these kind of scenarios.

[hikalkan]

We've introduced integration services for service-to-service communication. Integration services may not have permission check because they are not exposed out of the cluster through API Gateway.
So, you can add an integration service to the CMS Kit microservice and consume it wherever necessary internally.

BTW, I am not sure about that:

Since we moved to Keycloak completely, there is no way to assign application permission to an external openid-provider.

Permission system is independent and can work with external providers too.