RBAC for Temporal

Hi team,

We would like to utilize the Authorizer and claimmapper plugins provided by Temporal.

We are using Temporal binaries and have an RSA-signed JWT token provider built on top of Keycloak. The JWT token we use has a different structure for roles and does not include the “permission” flat array structure that Temporal’s default claimmapper expects.

Since we are using Temporal binaries, modifying the default claimmapper or introducing our own custom claimmapper is not an option.

What would you suggest as possible solutions to enable the use of the default claimmapper/authorizer? We have a proxy layer where we can intercept gRPC interceptors.

Thanks!
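
The mismatch described in the post (Keycloak's nested roles versus the flat `permissions` array of `<namespace>:<role>` strings that Temporal's default JWT claim mapper reads), sketched as a translation step for the proxy layer. This is an added example, not part of the original post and not Temporal's code. The role table, the `<client>/<role>` key convention and the sample input are assumptions, and the proxy is assumed to have verified the incoming token's signature already and to re-sign the token it forwards with a key Temporal is configured to trust.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Keycloak's stock role layout (assumed; the post does not show the token).
type keycloakClaims struct {
	RealmAccess    struct{ Roles []string `json:"roles"` }            `json:"realm_access"`
	ResourceAccess map[string]struct{ Roles []string `json:"roles"` } `json:"resource_access"`
}

// ToPermissions maps already-verified Keycloak claims to "<namespace>:<role>" strings.
// roleMap is a hypothetical operator table; client roles are keyed "<client>/<role>".
func ToPermissions(verified []byte, roleMap map[string][]string) ([]string, error) {
	valid := map[string]bool{"read": true, "write": true, "worker": true, "admin": true}
	var c keycloakClaims
	if err := json.Unmarshal(verified, &c); err != nil {
		return nil, fmt.Errorf("claims: %w", err)
	}
	keys := append([]string{}, c.RealmAccess.Roles...)
	for client, ra := range c.ResourceAccess {
		for _, r := range ra.Roles {
			keys = append(keys, client+"/"+r)
		}
	}
	seen, out := map[string]bool{}, []string{}
	for _, k := range keys { // roles absent from roleMap grant nothing
		for _, p := range roleMap[k] {
			ns, role, ok := strings.Cut(p, ":")
			if !ok || ns == "" || !valid[role] {
				return nil, fmt.Errorf("bad mapping %q for role %q", p, k)
			}
			if !seen[p] {
				seen[p] = true
				out = append(out, p)
			}
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() { // constructed sample input, not taken from the post
	m := map[string][]string{"temporal-ops": {"temporal-system:admin"}, "orders-app/dev": {"orders:read"}}
	fmt.Println(ToPermissions([]byte(`{"realm_access":{"roles":["temporal-ops"]}}`), m))
}
```

A malformed entry in the table fails the whole translation rather than being skipped, so a typo in the mapping cannot silently widen or drop access.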