Alexander Schwartz

Delegating the chores of authenticating users to Keycloak

Stop building user authentication. Learn how to delegate the chores of registration, password resets, and session management to Keycloak and focus on your core application.

Delegating the chores of authenticating users to Keycloak
#1about 3 minutes

Understanding the complexities of modern user authentication

Delegating authentication is necessary because it involves more than just a login form, including registration, password recovery, and multi-factor authentication.

#2about 2 minutes

Introducing the key players in an OIDC ecosystem

The OpenID Connect architecture consists of three main actors: the end-user, the OpenID Provider like Keycloak, and the client application or relying party.

#3about 6 minutes

Using OIDC prompts for different user actions

Applications can use specific OIDC prompt parameters to check login status, initiate user registration, or trigger a standard login.

#4about 3 minutes

Handling session state, tokens, and user information

OpenID Connect provides standard endpoints and flows for checking session status with iframes, refreshing expired tokens, fetching user data, and securely logging out.

#5about 1 minute

Implementing step-up authentication for sensitive actions

Use Authentication Context Class Reference (ACR) values to request a higher level of assurance, such as a second factor, for critical operations.

#6about 3 minutes

Leveraging Keycloak's application-initiated actions

Keycloak's application-initiated actions allow you to redirect users to specific pages for tasks like updating their profile, changing a password, or verifying an email address.

#7about 2 minutes

Configuring user profiles for incremental data collection

Keycloak's user profile feature enables defining custom user attributes and using scopes to implement incremental profiling, collecting data only when an application requires it.

#8about 3 minutes

Customizing login flows and exploring further capabilities

Beyond standard authentication, Keycloak allows for customizing login flows to restrict client access and provides built-in support for features like password resets and remember me.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

An overview of Keycloak for identity management
02:43 MIN

An overview of Keycloak for identity management

Keycloak case study: Making users happy with service level indicators and observability

Implementing the authentication and authorization workflow
11:43 MIN

Implementing the authentication and authorization workflow

Get started with securing your cloud-native Java microservices applications

Introducing Keymate for zero-rewrite authorization on Keycloak
01:08 MIN

Introducing Keymate for zero-rewrite authorization on Keycloak

Keymate – Modern Authorization for Developers

Answering audience questions on authorization best practices
18:44 MIN

Answering audience questions on authorization best practices

Un-complicate authorization maintenance

Q&A on career path and the future of passwordless
11:03 MIN

Q&A on career path and the future of passwordless

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Unifying tools with a centralized authentication system
05:40 MIN

Unifying tools with a centralized authentication system

Starting business without breaking the bank: Self hosted OSS productivity ecosystem

Replacing long-lived credentials with short-lived tokens
01:32 MIN

Replacing long-lived credentials with short-lived tokens

Supply Chain Security and the Real World: Lessons From Incidents

Bridging Web2.0 and Web3 with OpenID Connect standards
04:35 MIN

Bridging Web2.0 and Web3 with OpenID Connect standards

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Featured Partners

Related Videos

See all videos
Keycloak case study: Making users happy with service level indicators and observability
27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Keymate – Modern Authorization for Developers
06:04

Keymate – Modern Authorization for Developers

Halil Özkan

Going Beyond Passwords: The Future of User Authentication
27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems
29:31

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Adam Larter

Un-complicate authorization maintenance
1:00:00

Un-complicate authorization maintenance

Alex Olivier

Accelerating Authentication Architecture: Taking Passwordless to the Next Level
49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

Passwordless future: WebAuthn and Passkeys in practice
32:32

Passwordless future: WebAuthn and Passkeys in practice

Clemens Hübner

Secure and Accessible Login Systems - Ramona Schwering
24:39

Secure and Accessible Login Systems - Ramona Schwering

Ramona Schwering

Related Articles

View all articles
Daniel Cranney
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Inside last week’s Dev Digest 214 . 🕵️ Claude source code leaked, analysed and re-written in 2 days 🐙 GitHub auto-opts users into feeding their code to train their AI 🌐 Pretext shows how to show complex text rendering in the browser 🤖 How to securin...
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025

From learning to earning

Jobs that call for the skills explored in this talk.