So, I’ve set up authorization with Keycloak. Defined all resources, scopes and permissions and now I can obtain a user token and then exchange it for a RPT token, containing the requested permissions within the headers.
What I thought about now is creating a frontend app, that will redirect to Keycloak’s login page. Once the user is logged in, I’d like to list all the resources that user can access - let the user choose some of these and create an RPT holding the permissions.
I expected that Keycloak will provide a UI where a logged in user can “Allow” the requested scopes - some what like many other auth providers do - e.g. let’s take Facebook as an example.
If you login with Facebook on a web app, it can request permissions from Facebook at which moment, it will redirect or popup a window with said permissions, where you actually allow this web app to “generate a token” holding the said scopes.
Can this be done with Keycloak out of the box? Or one would actually need to implement their own solution for this “authorization” UI?
Looking more into the docs, seems like I’d need to request and generate UMA Tickets, but still, does Keycloak provide us with a UI screen/popup where a user actually approves the requested scopes?