Multi Tenancy through Scopes

[VizorKit]

- [ ] bug report -> please search for issues before submitting
- [ x] feature request

Versions.

^5.1.0

Multi Tenancy is a bit difficult, its a bit more difficult if a user can act on behalf of another organization while being in their own organization.

Keycloak has an issue with scaling past 1000+ Realms. So we have solved Multi tenancy in an interesting way,
We use a client scope created for each tenant. And then a set of mappers to return the Client Roles a User has for that client scope that is active.

The only thing we are missing is in this angular support, we need the ability on init to pass in the scope.

[jonkoops]

It is not possible to pass in the scope at the moment of initialization, you can however pass a scope into the login() method. For example:

function initializeKeycloak(keycloak: KeycloakService) {
  return async () => {
    const authenticated = await keycloak.init({
      config: {
        url: 'http://localhost:8080/auth',
        realm: 'master',
        clientId: 'my-app',
      },
    });

    if (!authenticated) {
      await keycloak.login({ scope: 'YOUR SCOPE HERE' });
    }
  }
}

@VizorKit does this resolve your issue?

[LeoPote]

Hi jonkoops,

1. If there are many scopes to be requested, how do you have to set in your scope clause, with space or comma separated? Or how exactly?

2. I tested for one scope and it didn't work for me. Are you sure that this procedure should work?

Thank you

[CodeSwimBikeRunner]

@LeoPote last I checked on this, it looked like keycloak.js, completely dropped the scope all together. (at least the version I was looking at)