OIDC based user level authorization without Kibana

Please help us with the following issue.

Current scenario:
UI A --> OIDC provider --> UI B (SU) --> Kibana dashboard
We have a custom OIDC provider through which users get authenticated in Kibana. In UI B we use AngularJS. As we used the elastic superuser (SU) to do API GET calls in ES and display the results over AngularJS, a user without access to the DB can also see the data in Angular.

Planned scenario:
UI A --> OIDC provider --> UI B (Individual User) --> Kibana dashboard
We are planning to replace the SU-based ES API calls with UserID-based ES API calls. A user is already authenticated through the OIDC provider before seeing UI B. However, the problem is how we can use the OIDC realm-based authenticated user to see, over AngularJS, only the data s/he has access to.
We have followed this guideline, https://www.elastic.co/guide/en/elasticsearch/reference/7.6/oidc-without-kibana.html?blade=supportportalv1
However, there does not seem to be much info on user authorization. There is a realm-based bearer token but no user-level bearer token we can use to make API calls to ES to fetch data. Is it possible to have a user-level bearer token with an OIDC realm authenticated user?
Please help. Thanks.
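
The planned scenario above, sketched against the token exchange described in the linked guide (`/_security/oidc/prepare` and `/_security/oidc/authenticate`); this is an added example, not part of the original post and not Elastic's code. It assumes UI B has a backend holding a service credential with the `manage_oidc` privilege; the function names, the realm name `oidc1`, the index names and the stand-in Elasticsearch are constructed for illustration.

```javascript
// Added example; esPost(path, body, authorization) is an assumed injected transport returning parsed JSON.
// Step 1: ask Elasticsearch for the OP redirect URL; keep state/nonce in the user's session.
async function beginLogin(esPost, svcAuth, realm, session) {
  const r = await esPost('/_security/oidc/prepare', { realm }, svcAuth);
  session.oidc = { state: r.state, nonce: r.nonce, realm };
  return r.redirect; // the browser is sent here to authenticate at the OP
}

// Step 2: the OP redirected back to UI B; exchange that URL for this user's tokens.
async function completeLogin(esPost, svcAuth, callbackUrl, session) {
  if (!session.oidc) throw new Error('no pending OIDC login for this session');
  const { state, nonce, realm } = session.oidc;
  delete session.oidc; // state and nonce are single use
  const t = await esPost('/_security/oidc/authenticate',
    { redirect_uri: callbackUrl, state, nonce, realm }, svcAuth);
  session.es = { access: t.access_token, refresh: t.refresh_token };
}

// Step 3: data calls carry the user's token, never the service or superuser credential.
function searchAsUser(esPost, session, index, query) {
  if (!session.es) throw new Error('user not authenticated');
  return esPost(`/${index}/_search`, { query }, `Bearer ${session.es.access}`);
}

// Constructed stand-in for Elasticsearch so the flow runs offline.
function fakeEs() {
  const allowed = { 'tok-alice': ['sales'] }; // constructed: indices this user's roles permit
  return async (path, body, auth) => {
    if (path === '/_security/oidc/prepare')
      return { redirect: 'https://op.example/auth?state=s1&nonce=n1', state: 's1', nonce: 'n1' };
    if (path === '/_security/oidc/authenticate') {
      if (auth !== 'Basic svc' || body.state !== 's1' || body.nonce !== 'n1') throw new Error('401');
      return { access_token: 'tok-alice', refresh_token: 'ref-alice', type: 'Bearer', expires_in: 1200 };
    }
    const index = path.split('/')[1];
    const token = (auth || '').replace('Bearer ', '');
    if (!(allowed[token] || []).includes(index)) throw new Error('403');
    return { hits: { total: { value: 1 } } };
  };
}

async function demo() {
  const es = fakeEs(), session = {};
  await beginLogin(es, 'Basic svc', 'oidc1', session);
  await completeLogin(es, 'Basic svc', 'https://ui-b.example/cb?code=c1&state=s1', session);
  const ok = await searchAsUser(es, session, 'sales', { match_all: {} });
  const denied = await searchAsUser(es, session, 'hr', { match_all: {} }).catch(e => e.message);
  return { ok: ok.hits.total.value, denied };
}
```

The service credential is used only for the two OIDC calls; every search goes out with the per-user bearer token, so Elasticsearch applies that user's role mappings.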
