unreal-altran opened a new issue, #9256: URL: https://github.com/apache/apisix/issues/9256
### Description From the plugin [documentation ](https://apisix.apache.org/docs/apisix/plugins/authz-keycloak/) it seems it is not possible to use the classic browser flow for NO-REST WEB applications. With ApiSix [openid-connect](https://apisix.apache.org/docs/apisix/plugins/openid-connect/) plugins it is possible to set the bearer_only: false property but this plugin does not enforce the security policies (PEP) like authz-keycloak plugin so currently it seems not possible with ApiSix + plugins to protect a WEB application by applying the security policies without having to touch the source code of the WEB application to protect. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
