Hi to all, I’m trying to test the authorization process on Keycloak on an OpenID Connect client.
I’ve enabled authorization and associated a simple permission on a resource (/*) with a related policy that authorizes only one user for that resource. Well, if I test the policy with the evaluate function and try two different users, only the one that is authorized is OK; the other one is not. So it seems that the authorization process works fine.
After this I test the client with an external provider like https://oidcdebugger.com. At this point I retrieve the JSON token for both users after authentication, when I expected not to get in with the user not included in the policy… Am I missing something?