feat(auth): medewerker-realm AuthService + provider, roles surface, realm-roles mapper (refs #13)
The behandel-portal authenticates staff against the Keycloak `medewerker` realm. Add MedewerkerAuthService (reads nested realm_access.roles), provideMedewerkerAuth, a roles/hasRole surface on the shared AuthService, and a realm-roles protocol mapper so the frontend can read the behandelaar/teamlead roles from the token. Per ADR-0013 the BFF remains the security boundary. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,4 +1,6 @@
|
||||
export * from './lib/auth.service';
|
||||
export * from './lib/digid-auth.service';
|
||||
export * from './lib/digid-auth.providers';
|
||||
export * from './lib/medewerker-auth.service';
|
||||
export * from './lib/medewerker-auth.providers';
|
||||
export * from './lib/authenticated.guard';
|
||||
|
||||
Reference in New Issue
Block a user