Alexander Schwartz
Aug 20, 2025

Delegating the chores of authenticating users to Keycloak

Stop building user authentication. Learn how to delegate the chores of registration, password resets, and session management to Keycloak and focus on your core application.

Alexander Schwartz - Delegating the chores of authenticating users to Keycloak
#1about 3 minutes

Understanding the complexities of modern user authentication

Delegating authentication is necessary because it involves more than just a login form, including registration, password recovery, and multi-factor authentication.

#2about 2 minutes

Introducing the key players in an OIDC ecosystem

The OpenID Connect architecture consists of three main actors: the end-user, the OpenID Provider like Keycloak, and the client application or relying party.

#3about 6 minutes

Using OIDC prompts for different user actions

Applications can use specific OIDC prompt parameters to check login status, initiate user registration, or trigger a standard login.

#4about 3 minutes

Handling session state, tokens, and user information

OpenID Connect provides standard endpoints and flows for checking session status with iframes, refreshing expired tokens, fetching user data, and securely logging out.

#5about 1 minute

Implementing step-up authentication for sensitive actions

Use Authentication Context Class Reference (ACR) values to request a higher level of assurance, such as a second factor, for critical operations.

#6about 3 minutes

Leveraging Keycloak's application-initiated actions

Keycloak's application-initiated actions allow you to redirect users to specific pages for tasks like updating their profile, changing a password, or verifying an email address.

#7about 2 minutes

Configuring user profiles for incremental data collection

Keycloak's user profile feature enables defining custom user attributes and using scopes to implement incremental profiling, collecting data only when an application requires it.

#8about 3 minutes

Customizing login flows and exploring further capabilities

Beyond standard authentication, Keycloak allows for customizing login flows to restrict client access and provides built-in support for features like password resets and remember me.

Related jobs
Jobs that call for the skills explored in this talk.
today
Java / Kotlin Developer in einem Cloud-Native-Stack
PROSOZ Herten GmbH
Herten, Germany
Intermediate
Senior
today
Senior Softwareentwickler (m/w/d)
PROSOZ Herten GmbH
Herten, Germany
Remote
Intermediate
Senior
yesterday
Principal Backend Engineer (Node.js)
Almedia
Berlin, Germany
Senior

Related Videos

WeAreDevelopers LIVE – Inclusion, Accessibility & Automation00:00
Chris Heilmann, Daniel Cranney & Daniela Kubesch — yesterday
WeAreDevelopers LIVE – Inclusion, Accessibility & Automation
Fireside Chat: Can Regulation Improve Accessibility? - Léonie Watson00:00
Léonie Watson — 3 days ago
Fireside Chat: Can Regulation Improve Accessibility? - Léonie Watson
WeAreDevelopers LIVE – Real-Time Phone Agents, Unsafe VPNs & More00:00
Chris Heilmann, Daniel Cranney & Marius Obert — 8 days ago
WeAreDevelopers LIVE – Real-Time Phone Agents, Unsafe VPNs & More