Hi, We have microservices that are secured with keycloak and authorization on each microservice (client in keycloak) is enabled. We generate a role for each endpoint. So for every endpoint that user wants to access, user should have role assigned to his group or to the user.
But there is a requirement that other services would try to access the endpoints, I could pass the jwt in the request header where keycloak will authorize if jwt has role or not. But I want to avoid this authorization check, by adding exclusion rule - if request came from same hostname then just allow the request. Is this possible in keycloak ? Also please lt me know if this is bad practice ?