we are using Keycloak already with some server based apps and confidential access-type Clients. There we use the authorization feature to define the users acl and fetch the user permissions with our app.
Now we are developing an Angular App and we have to use public access-type clients. What we saw then was there is no authorization option available when using public access-type clients.
Can anyone explain why thats the case? We are using quite fine grained ACLs and so the authorization option was the best for us. Do we have to stick to role based ACLs now or are there other options to achieve this?