
This is an extension of part 3 of a 4-part series on Keycloak. For part 1, click here, for part 2, click here, and for part 3 click here.

There is a bunch of open-source software that provides out-of-the-box integration with OpenID Connect providers such as Keycloak. Additionally, some of them can take groups/roles from the tokens and use them to limit what users are allowed to do. One such widely used tool is Kubernetes. This guide details the integration of Kubernetes with Keycloak for authentication and access control. …


This is part 3 of a 4-part series on Keycloak. For part 1, click here and for part 2, click here.

In one of the previous guides, we covered how tokens generated by Keycloak have some very specific pieces of information (claims) due to its support for OpenID Connect. However, the token also contains some non-standard claims, such as preferred_username. Let's generate a token, examine it, and see what else is in there. Use one of the methods discussed in the previous guides to generate a token. I'm just going to put a decoded token payload in here:

This is part 2 of a 4-part series on Keycloak. For part 1, click here.

In the previous section, we used curl to make HTTP requests that fetched a token. This was possible through something called a Direct Access Grant. Usually, in a web application or a service, we don't want that, since it involves sending the plaintext username and password in a request.

The most recommended way of getting a token for your application or service is through something called Authorization Code Flow.

Authorization Code Flow

First, you need to fire up the Keycloak Administration Console again and change some configuration parameters…


A few years ago, when I was introduced to the world of microservices for the purpose of looking into token authentication, I stumbled across Keycloak. Keycloak is an open-source identity and access management service maintained by JBoss, a division of Red Hat. Keycloak comes with a plethora of features that do take some time to get familiar with. Some of these features, such as OpenID Connect, RBAC, and Authorization Services, are very useful for the security needs of modern microservices. This 4-part series is for those who want to rapidly ramp up their know-how of these crucial features. We'd be covering…

Usman Shahid

Code Mechanic and Deployment Plumber, Curious for Details
