So, I’m generating RPT tokens with authorization scopes and permissions for given users.
The thing is, Keycloak doesn’t allow you to set multiple audiences in the UMA request, ie. won’t let you request permissions for a user, across different clients.
If this can’t be done, can one incrementally add permissions from other clients, to a token that was initially provisioned for one client?
e.g.
I have two clients main-api and billing-api
With respective resources and permissions on each
How can I generate an RPT token for a user, that will hold permissions for resources, from both main-api and billing-api clients?