Offline token with Keycloak

Offline access is a feature of OpenID Connect defined at It allows the application with an offline token (a kind of refresh token) to get access token and use resources without the user having to log in, for a long time or forever. Keycloak… Read More

Configure Web Origin in Keycloak

When using Keycloak for the authentication of web applications, we will often encounter Web Origin-related errors such as “Access to XMLHttpRequest at ‘http://localhost:8080/realms/huongdanjava/protocol/openid-connect/token’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.” The reason is that… Read More

Create new user in Keycloak

To use applications that use Keycloak for authentication and authorization, we need a user to log in. Usually, in large systems, the user information will be stored in Active Directory (AD) or LDAP, Keycloak can connect to these systems to retrieve user information. It can… Read More

Add new client in Keycloak

Clients in Keycloak are applications that interact with it for authentication and authorization. Adding a new client in Keycloak is letting it manage all clients that will connect to it, according to which protocol, which standard authentication and authorization. In this tutorial, I will show… Read More

Install Keycloak standalone server

Keycloak is an open-source software for managing access for any application. It supports many different authentication and authorization standards such as Single Sign-On (basically, we can use our login information for many different applications), OpenID Connect, LDAP, and more … In this tutorial, I will… Read More