Restrict to "admin" users somehow? #9

New Issue

3wordchant · 2023-04-08T01:28:37Z

3wordchant commented

2023-04-08 01:28:37 +00:00

Currently, deploying this app means that anyone with a Keycloak account can invite other users. Quoth the README:

There is no access granularity on the account creation implemented yet, so the accounts are "global"

It'd be handy if access to keycloak-collective-portal could be restricted to a sub-set of Keycloak users -- so that administrators could make and distribute invitation links, without throwing the doors completely open for 9,999 new accounts.

The simplest way of doing this that I can think of would be to add a config option for a specific username, or list of usernames, that's permitted to access. Even sweeter (although probably not necessary for now) would be the ability to require a Keycloak user to hold a specified role, or to be a member of a specified group.

Currently, deploying this app means that anyone with a Keycloak account can invite other users. Quoth the README: > There is no access granularity on the account creation implemented yet, so the accounts are "global" It'd be handy if access to `keycloak-collective-portal` could be restricted to a sub-set of Keycloak users -- so that administrators could make and distribute invitation links, without throwing the doors completely open for 9,999 new accounts. The simplest way of doing this that I can think of would be to add a config option for a specific username, or list of usernames, that's permitted to access. Even sweeter (although probably not necessary for now) would be the ability to require a Keycloak user to hold a specified role, or to be a member of a specified group.

Sign in to join this conversation.

No Label

No Milestone

No project

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: autonomic-cooperative/keycloak-collective-portal#9