In this tutorial, I will share with you how to implement user look-up and authentication using Keycloak’s User Storage SPI. For starters, SPI stands for Service Provider Interface, and it is a way to write extensions to Keycloak to connect to external user databases and credential stores. In this tutorial, we will make Keycloak load…
Read More Keycloak User Storage SPI Example with Remote ServiceIn this tutorial, you will learn how to download and start up Keycloak as a standalone server. What is Keycloak? Keycloak is an open-source identity and access management tool focusing on modern applications and services such as mobile applications, REST APIs, and single-page applications. How to Download Keycloak? To download the Keycloak go to the…
Read More Keycloak: Starting a Standalone ServerIn the previous blog post, we have covered how to grant access to certain endpoints based on the Role configured through code. As we know, Keycloak is the Identity and Access Management solution that provides out-of-the-box authentication and authorization services. One of the services includes a Fine-Grained Authorization Service. Fine-Grained Authorization Service provides businesses with…
Read More Fine-grained Authorization Services in Keycloak with Spring BootIn the previous blog post, we covered the basics of how to use Keycloak with Spring boot. In this blog post, we will explore Role-based Access Control to Rest API with Keycloak. So let’s get started! Imagine we have a microservice for a Research Journal Management System that can serve users with two types of…
Read More Role-Based Access Control to REST API with KeycloakThis tutorial will teach you how to use Keycloak to secure your Spring Boot Application. To find other tutorials, check the Keycloak tutorials page. What is Keycloak? According to Keycloak’s official website, It is an open-source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and…
Read More A Guide to use Keycloak with Spring BootIn this tutorial, you will learn how to get the currently authenticated principal user UserId value from the JWT access token generated by Keycloak. UserId in JWT The userId value will be stored under the “sub” key in the JWT access token generated by Keycloak. Below is an example of a decoded JWT access token containing…
Read More Get UserId from Keycloak JWT Access TokenIn this tutorial, you will learn how to register a new OAuth Client application with Keycloak and how to request an access token using the Client Credentials grant type. If you are interested to learn how to perform other OAuth 2 authorization flows with Keycloak, then have a look at the following tutorials as well.…
Read More Keycloak: Client Credentials Grant ExampleIn this tutorial, you will learn how to create a new OAuth Client application in Keycloak. If you are interested to learn more about Keycloak and how to perform different OAuth 2 authorization flows using the Keycloak server, then have a look at other Keycloak tutorials as well. Creating a New OAuth Client Application To…
Read More Keycloak: Create a New OAuth Client ApplicationIn this tutorial, you will learn how to perform PKCE verification when acquiring an access token using the OAuth 2 Authorization Code Grant flow. PKCE stands for Proof Key for Code Exchange and the PKCE-enhanced Authorization Code Flow builds upon the standard Authorization Code Flow, so the steps are very similar. To learn how to acquire…
Read More PKCE Verification in Authorization Code GrantIn this tutorial, you will learn how to configure Keycloak to use the MySQL database server instead of the H2 database. Create MySQL Database for Keycloak To make the Keycloak store data in MySQL database, we will need to create a new MySQL database. Sign-in to MySQL server with a root user credentials and create…
Read More Keycloak: Configure MySQL DatabaseIn this tutorial, you will learn how to use the Keycloak REST API to create a new user for your application. There are a few ways you get to register a new user: You can create a new user using the Keycloak Web Administration Console, You can let users register a new account themselves, Or…
Read More Keycloak REST API: Create a New UserIn this tutorial, you will learn how to create an OAuth 2 scope in Keycloak. What is OAuth Scope? A scope is used by OAuth 2 to restrict access to a resource. When requesting an access token from an authorization server, a client application will include a scope request parameter specifying a list of scopes or…
Read More Creating OAuth 2 Scope in KeycloakIn this tutorial, you will learn how to implement a very simple OAuth2 Resource Server that will validate the JWT token it has earlier acquired from a Keycloak authorization server. I this tutorial I will not show how to acquire the JWT access token but if you are interested to learn how to do it,…
Read More OAuth 2 Resource Server and KeycloakIn this tutorial, you will learn how to get an access token from the Keycloak authorization server using the OAuth Authorization Code Grant flow. You should use this authorization flow only if your application support redirects. For example, if your application is a Web application or a mobile application, then this authorization grant flow is…
Read More Keycloak: Authorization Code Grant ExampleIn this tutorial, you will learn how to use a Password Grant OAuth 2 authorization flow to request an Access Token and a Refresh token from the Keycloak server by sending HTTP Post request to a /token web service endpoint. The Password Grant flow should only be used if your application does not support redirects. Otherwise,…
Read More Keycloak: Requesting Token with Password Grant