Keycloak

Introduction

• Keycloak is an open-source Identity and Access Management (IAM) software that provides secure authentication and authorization for applications and services.

• It support SSO (Single Sign In) which is similar with google login in

Clients

• It actually stand for application

• Redirect Url iis authentication can be set

• The client scope can be assigned to the client

Users

• The users is shared across the realm

• Each application in realm can refer to the user list

• The role can be assigned to the user

Endpoint

• Different api end points are exposed from keycloak

Authorization

/realms/{realm-name}/protocol/openid-connect/auth?xxxx

• The login page of keycloak

Token

/realms/{realm-name}/protocol/openid-connect/token?xxxx

• The method of getting access token

• The exchange between auth code and access token

• Refresh new access token

• Exchange between client access token

References

Securing applications and services with OpenID ConnectKeycloak

https://ithelp.ithome.com.tw/users/20112470/ironman/4324ithelp.ithome.com.tw