One of the advantages of using an IAM system like Keycloak is delegating complex security to an external system.
But when I look at the Keycloak UMA photoz example, I see an example where you need to add 2 columns to your resource DB table:
So the userid (owner) and externalid (id of the resource inside keycloak) are added to the DB table in which the resource resides. This seems kind of intrusive.
Isn’t it possible to use the resource URI to dynamically fetch the owner (=userid) and resource id (=externalid), to handle the same logic?
This seems less intrusive. Though I can imagine this causes a serious performance hit.
All feedback welcome.
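As an added illustration of the URI-based lookup being asked about (this is example code, not part of the photoz quickstart or Keycloak itself), the function below resolves a resource's Keycloak id and owner by querying the Protection API with the resource URI, and caches the result in memory to soften the per-request cost. It assumes a Keycloak base URL, realm name and a resource-server PAT, all placeholders here, and a constructed fake fetcher stands in for the HTTP call so it runs offline.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Placeholders (assumptions): point these at your own Keycloak deployment.
KEYCLOAK = "https://keycloak.example.test"
REALM = "photoz"
PAT = "<resource-server-protection-api-token>"

def http_get_json(url, token):
    """Real fetcher: GET a Protection API endpoint with the PAT as bearer token."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req) as resp:
        return json.load(resp)

_cache = {}

def resolve_resource(uri, fetch=http_get_json, cache=_cache):
    """Return (externalid, owner_userid) for the resource registered under `uri`.

    Two round trips to Keycloak: resource_set?uri=... yields matching ids,
    resource_set/{id} yields the representation carrying the owner.
    """
    if uri in cache:
        return cache[uri]
    base = f"{KEYCLOAK}/realms/{REALM}/authz/protection/resource_set"
    ids = fetch(f"{base}?{urlencode({'uri': uri})}", PAT)
    # Refuse ambiguity: one URI must map to exactly one protected resource.
    if len(ids) != 1:
        raise LookupError(f"expected one resource for {uri}, got {len(ids)}")
    rep = fetch(f"{base}/{ids[0]}", PAT)
    owner = rep.get("owner")
    # Keycloak returns owner as an object {"id": ..., "name": ...}; tolerate a bare id.
    owner_id = owner.get("id") if isinstance(owner, dict) else owner
    cache[uri] = (rep["_id"], owner_id)
    return cache[uri]

# Constructed sample responses so the flow can be exercised without a server.
CALLS = []
def fake_fetch(url, token):
    CALLS.append(url)
    if "resource_set?" in url:
        return ["a1b2-photo"]
    return {"_id": "a1b2-photo", "name": "Alice album photo",
            "uris": ["/photoz/alice/1.jpg"], "owner": {"id": "user-1", "name": "alice"}}
```

The constructed responses mirror the shape of a Keycloak resource representation, so swapping `fake_fetch` for `http_get_json` is the only change needed against a live realm.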