Let's imagine that I need to develop something like Discord: there will be Roles and Permissions that apply in the context of a guild. Now I need to implement a system that has similar functionality.
How would you approach the implementation of such a system?
I'm a bit confused: I was planning to use Spring Framework and Keycloak as SSO. I don't see how it can be applied to permission management.
Also, it is worth mentioning that the client is an SPA in a web browser.
You could create different roles for each guild (like guild-a:moderator, guild-a:member, etc.): there is an admin API which you can call from your Spring application to create new roles when a new guild is created. You can even programmatically assign these roles to some users using this API.
Another way of proceeding would be handling users' role assignments across guilds in your Spring application and exposing a REST API for it. You can then define a Keycloak "mapper" which would query this API during the user login process (after the user is successfully identified but before the access token is issued) and write the user's guild-roles matrix in a private claim. I did something like that (set a private claim with the result of a REST call in a Keycloak mapper) in this project.
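
On the Spring side, a private claim like the one described in the answer above can be turned into guild-scoped authorities and checked per request. The following is an added example, not code from the answer or from the linked project; the claim name `guild_roles`, its JSON shape, the bean name `guildAuthz` and the class name are assumptions, and it targets Java 17 with Spring Security's OAuth2 resource server support.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

// Assumed claim shape written by the mapper (constructed, not a Keycloak default):
//   "guild_roles": { "guild-a": ["moderator"], "guild-b": ["member"] }
// Register with: http.oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(conv)))
// Guard with:    @PreAuthorize("@guildAuthz.hasRole(authentication, #guildId, 'moderator')")
@Component("guildAuthz")
public class GuildRolesConverter implements Converter<Jwt, AbstractAuthenticationToken> {

    static final String CLAIM = "guild_roles"; // hypothetical private claim name

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        Map<String, Object> matrix = jwt.getClaimAsMap(CLAIM);
        // A missing claim yields no guild authorities (deny by default).
        Collection<GrantedAuthority> authorities = matrix == null ? List.of()
            : matrix.entrySet().stream()
                .flatMap(e -> rolesOf(e.getValue()).map(r -> e.getKey() + ":" + r))
                .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                .toList();
        return new JwtAuthenticationToken(jwt, authorities, jwt.getSubject());
    }

    // Ignore anything that is not a list of strings rather than trusting its shape.
    private static Stream<String> rolesOf(Object value) {
        return value instanceof Collection<?> c
            ? c.stream().filter(String.class::isInstance).map(String.class::cast)
            : Stream.empty();
    }

    // guildId comes from the request path; the SPA's own view of roles is never trusted.
    public boolean hasRole(Authentication auth, String guildId, String role) {
        String wanted = guildId + ":" + role; // assumes guild ids contain no ':'
        return auth.getAuthorities().stream()
            .anyMatch(a -> wanted.equals(a.getAuthority()));
    }
}
```

The resulting authority strings have the same `guild-a:moderator` form as the per-guild roles in the first approach. Because the claim is fixed when the access token is issued, a role change in a guild only takes effect once the token is refreshed, so the access token lifetime bounds how long a revoked role remains usable.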