Hello there!
I’ve faced one use case and haven’t found a solution yet.
The problem is: I have two separate front-end applications with different URLs and clients, but both of them (and also the back-end services) use the same realm. All users are stored in one realm. One of these front-end services creates users, and I can choose which application a user will be created for. For example, if I chose service A for a user, that means the user will be able to log in only to service A; the same goes for service B.
My question is: how do I implement linking clients and users (or maybe groups of users)? Is that possible at all? I still want to use only one realm for my services.
P.S.
I’ve seen this answer many times, but I’m not sure: is it good only for one client, or is it also useful advice for my case?
Update:
Yes, I haven’t mentioned this: I could just authenticate users on my back-end service using the Keycloak Java adapter by getting the credentials and giving a token to the front-end, but I still need a solution using Keycloak as well.