I require each user in my realm to have only one role. But I can’t get to this state because, when a new user is created Keycloak adds the default-roles-(realmname) to the user’s roles. So my app role is appended to the list so to speak. I don’t want Keycloak to assign any roles to my users other than those that I specify.
A default answer to this question might be “delete the role after the user is created” but that would require admin level access, and I don’t want to give my API which creates the user that level of access.
I’d prefer Keycloak didn’t assign any roles, as why would you want some other system controlling the access and permissions that your users are assigned?
Any tips on this one?