I was searching through the supported policy types of keycloak, and saw that it offers some predefined choices regarding:
- Regex
- Role
- Client
- User ...
- Js
The most flexible one, seems to be Js after the drop of support on rule based policies.
So my question is, if it is possible to implement some type or parts of license enforcement using keycloak.
Say for example the case of denying access to a user if he/she is owner at more than X resources of a particular type. (E.g. allow each user a limit of X image uploads). I couldn't find a way to implement this natively using the evaluation context. It might be possible by updating the permissions/scopes, such as removing a related user policy through an external service but it doesn't sound appealing. Is keycloak meant to support such a case through policies?
Thanks in advance.