Manage users from another realm with APIs

Description of the situation

  • I have a realm that stores users from an enterprise (call it Realm1)

  • I have a realm that stores users who use a client app (random consumers, call it Realm2).

  • I need multi tenancy.

  • I use Quarkus

  • All data in the database is filtered with a claim in the token

  • Nowadays, I need to keep all users in the same realm and add realm-management roles to allow worker users to manage consumer users.

  • I create a client for the API (bearer-only) for the realm.

  • I create a client for user login (public/confidential).

  • To identify if a consumer user is at the office of a worker user, I need a worker user in this office to confirm it.

  • Then I put a claim in the user to know with the token where they are.

What I want to do

  • I want different realms to manage this
  • All I want to know is: with my APIs, is it possible to give them a master realm client with realm-management roles and make them add the claim to the user when needed?

I’m open to all of your advice. Thank you :wink: