My customer already have a SSO system : all the customer facing application are accessible through a web portal with SSO support. The users are all declared in a Keycloack IDP and they have broad roles.
My application (js spa and webapi) is supposed to be integrated on this web portal and have it’s own set of required permissions.
What is the best way for me to achieve this goal ?