A number of open-source tools provide out-of-the-box integration with OpenID Connect providers such as Keycloak. Some of them can also read groups or roles from the token's claims and use them to decide what an authenticated user is allowed to do. One widely used example is Kubernetes. This guide details the integration of Kubernetes with Keycloak for authentication and access control. …
In one of the previous guides, we covered how tokens issued by Keycloak carry a set of well-defined claims because of its OpenID Connect support. The token also contains claims beyond the mandatory ones, such as preferred_username. Let's generate a token, decode it, and see what else is in there. Use one of the methods discussed in the previous guides to generate a token. Here is a decoded token payload:
"scope": "email profile",
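To make the inspection repeatable, here is an added example (not code from the original post or from the Keycloak project) that decodes a JWT payload the way the text describes and sorts its claims into RFC 7519 registered claims, OpenID Connect Core claims, and everything else. The token, issuer URL, client ID and role names are constructed for illustration; the signature segment is a placeholder, and the code deliberately does not verify it, so use it only to look at a token, never to trust one.

```python
import base64
import json

# Claim names registered by RFC 7519 (section 4.1).
REGISTERED_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}
# ID-token and profile/email claims defined by OpenID Connect Core 1.0.
OIDC_CLAIMS = {
    "auth_time", "nonce", "acr", "amr", "azp", "at_hash", "c_hash",
    "name", "given_name", "family_name", "preferred_username",
    "email", "email_verified",
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


# Constructed sample: shaped like a Keycloak access token, but hand-built here.
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
SAMPLE_PAYLOAD = {
    "exp": 2000000000, "iat": 1999999700, "auth_time": 1999999690,
    "jti": "6d1f9c0a-0000-4000-8000-000000000001",
    "iss": "https://keycloak.example.com/realms/demo",   # assumed issuer
    "aud": "account",
    "sub": "2c8a0e2b-0000-4000-8000-000000000002",
    "typ": "Bearer", "azp": "my-app",                     # assumed client id
    "session_state": "9b3e4f10-0000-4000-8000-000000000003",
    "realm_access": {"roles": ["offline_access", "developer"]},
    "resource_access": {"my-app": {"roles": ["app-admin"]}},
    "scope": "email profile",
    "email_verified": True,
    "preferred_username": "alice",
    "email": "alice@example.com",
}
SAMPLE_TOKEN = ".".join([
    _b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    _b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()),
    _b64url_encode(b"placeholder-signature-not-verified"),
])


def decode_unverified(token: str):
    """Return (header, payload) of a JWT WITHOUT checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload


def classify_claims(payload: dict) -> dict:
    """Group claim names so issuer-specific additions stand out."""
    groups = {"registered": [], "oidc": [], "other": []}
    for name in payload:
        if name in REGISTERED_CLAIMS:
            groups["registered"].append(name)
        elif name in OIDC_CLAIMS:
            groups["oidc"].append(name)
        else:
            # e.g. typ, session_state, realm_access, resource_access;
            # "scope" was only standardised for JWT access tokens later (RFC 9068).
            groups["other"].append(name)
    return {k: sorted(v) for k, v in groups.items()}


def roles_from_token(payload: dict, client_id: str = None) -> list:
    """Collect realm roles plus, optionally, the roles scoped to one client."""
    roles = list(payload.get("realm_access", {}).get("roles", []))
    if client_id:
        client = payload.get("resource_access", {}).get(client_id, {})
        roles.extend(client.get("roles", []))
    return sorted(set(roles))


def is_expired(payload: dict, now: int) -> bool:
    # Treat a missing exp as expired: a bearer token with no lifetime is a red flag.
    return now >= payload.get("exp", 0)


if __name__ == "__main__":
    hdr, body = decode_unverified(SAMPLE_TOKEN)
    print(json.dumps(classify_claims(body), indent=2))
    print("roles:", roles_from_token(body, "my-app"))
```

The "other" bucket is where Keycloak's own structure lives: realm_access and resource_access are what a downstream tool maps to roles or groups, and the token's azp tells you which client it was issued to, which matters before you accept a role found in resource_access.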
This is part 2 of a 4-part series on Keycloak. For part 1, click here.
In the previous section, we used curl to perform HTTP requests to get the token. That worked through what Keycloak calls a Direct Access Grant, which is the OAuth 2.0 Resource Owner Password Credentials grant. In a web application or service we usually do not want that: the user's username and password are handed to the application, which forwards them to Keycloak, so the application sees the credentials and the user never goes through Keycloak's own login page.
The recommended way of getting a token for your application or service is the Authorization Code Flow, in which the user authenticates directly at Keycloak, the application receives only a short-lived authorization code, and it exchanges that code for tokens at the token endpoint.
First, fire up the Keycloak Administration Console again and change some configuration parameters on the
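The client-side half of the flow described above, as an added example that is not code from the original post or from Keycloak: it builds the authorization URL with a state value and a PKCE challenge, validates the state on the redirect back, and prepares the code-for-token exchange, next to the Direct Access Grant body for contrast. The Keycloak base URL, realm, client ID and redirect URI are assumed values; the endpoint paths follow Keycloak's /realms/{realm}/protocol/openid-connect/{auth,token} layout (older releases prefix them with /auth). The HTTP calls themselves are left to the reader so the block runs offline.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed deployment values (not from the original post).
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "demo"
CLIENT_ID = "my-app"
REDIRECT_URI = "https://app.example.com/callback"

AUTH_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"
TOKEN_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/token"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # 32 random bytes -> 43 unpadded base64url chars, within RFC 7636's 43..128 range.
    return _b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier))).
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(state: str, nonce: str, verifier: str) -> str:
    """URL the browser is sent to; the user logs in at Keycloak, not at the app."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": state,                    # ties the callback to this browser session
        "nonce": nonce,                    # must reappear in the ID token
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect from Keycloak and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError(f"authorization failed: {query['error'][0]}")
    # Constant-time compare: a mismatched state means this code was not requested
    # by this session (CSRF / login-injection), so it must not be exchanged.
    if not secrets.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: dropping authorization response")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def token_request(code: str, verifier: str) -> tuple:
    """(endpoint, form body) for the back-channel code exchange.

    A confidential client would add its client_secret (or another client
    authentication method); the code_verifier proves this is the same client
    that started the flow, and the app never sees a user password.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,
    }
    return TOKEN_ENDPOINT, body


def direct_access_grant_request(username: str, password: str) -> tuple:
    """For contrast only: the grant the text warns against hands the user's
    password to the application, which then posts it to Keycloak."""
    body = {
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "username": username,
        "password": password,
    }
    return TOKEN_ENDPOINT, body


if __name__ == "__main__":
    state, nonce, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(16), new_code_verifier()
    print("redirect user to:", build_authorization_url(state, nonce, verifier))
    # Constructed callback, as Keycloak would redirect the browser back:
    callback = f"{REDIRECT_URI}?state={state}&code=CONSTRUCTED-CODE"
    print("POST", *token_request(parse_callback(callback, state), verifier))
```

Store state and the code verifier server-side (or in an HttpOnly cookie bound to the session) between the two steps; the exchange in token_request is a back-channel POST from the application to Keycloak, never something the browser performs.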
A few years ago, when I was introduced to the world of microservices and started looking into token-based authentication, I stumbled across Keycloak. Keycloak is an open-source identity and access management service maintained by JBoss, a division of Red Hat. Keycloak comes with a plethora of features that take some time to get familiar with. Some of these features, such as OpenID Connect, RBAC, and Authorization Services, are very useful for the security needs of modern microservices. This 4-part series is for those who want to rapidly ramp up their know-how of these crucial features. We will cover token-based authentication, the authorization flow, access control, and Authorization Services in Keycloak, with example use cases. …