Offline access is a feature of OpenID Connect defined at https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess. It allows the application with an offline token (a kind of refresh token) to get access token and use resources without the user having to log in, for a long time or forever. Keycloak… Read More
I introduced Refresh Token grant type in OAuth 2.0 in the tutorial about Grant types in OAuth 2.0. In this tutorial, I will show you how we get a new access token using refresh token with Keycloak! First, I will create a new client in… Read More
In the previous tutorial, I showed you how to add a new client in Keycloak and also showed you how to configure a client that supports grant type Authorization Code with PKCE of OAuth2. In this tutorial, I will show you how to add and… Read More
When using Keycloak for the authentication of web applications, we will often encounter Web Origin-related errors such as “Access to XMLHttpRequest at ‘http://localhost:8080/realms/huongdanjava/protocol/openid-connect/token’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.” The reason is that… Read More
OAuth 2.0 Security Best Current Practice recommends that we do not use grant type Resource Owner Password Credentials of OAuth2 but if your application needs to use this grant type, please read this tutorial! I will guide you on how to create and configure the… Read More
To use applications that use Keycloak for authentication and authorization, we need a user to log in. Usually, in large systems, the user information will be stored in Active Directory (AD) or LDAP, Keycloak can connect to these systems to retrieve user information. It can… Read More
Clients in Keycloak are applications that interact with it for authentication and authorization. Adding a new client in Keycloak is letting it manage all clients that will connect to it, according to which protocol, which standard authentication and authorization. In this tutorial, I will show… Read More
Realm is a concept in Keycloak that refers to an object managing a set of users along with their credentials, roles and groups. A user in Keycloak belongs to only one realm and the user who logs in to Keycloak will log into that user’s… Read More
Keycloak is an open-source software for managing access for any application. It supports many different authentication and authorization standards such as Single Sign-On (basically, we can use our login information for many different applications), OpenID Connect, LDAP, and more … In this tutorial, I will… Read More
