Sorry if this is a dumb question.

I want to have a quick look at using KeyCloak as IDP, and I have Nginx set up. Basically, I want to have role-based access control for different routes. Some users should have access to certain routes, while others should have access to different routes.

My main question is: Can Keycloak alone handle this scenario, or do I need an OAuth2 proxy as well? I've seen a lot of tutorials that integrate OAuth2 proxy with Nginx and Keycloak, and I'm trying to understand the reasons behind this setup.

Why can't Nginx and Keycloak together solve this authentication and authorization issue? Is there a specific reason for introducing OAuth2 proxy into the mix?

Ideally, I would like to keep things simple and avoid adding unnecessary components. If Nginx and Keycloak can handle role-based access control for different routes without the need for OAuth2 proxy, that would be great.

Thank you in advance for your help!