Alexander Schwartz

Delegating the chores of authenticating users to Keycloak

Stop building user authentication. Learn how to delegate the chores of registration, password resets, and session management to Keycloak and focus on your core application.

Delegating the chores of authenticating users to Keycloak
#1about 3 minutes

Understanding the complexities of modern user authentication

Delegating authentication is necessary because it involves more than just a login form, including registration, password recovery, and multi-factor authentication.

#2about 2 minutes

Introducing the key players in an OIDC ecosystem

The OpenID Connect architecture consists of three main actors: the end-user, the OpenID Provider like Keycloak, and the client application or relying party.

#3about 6 minutes

Using OIDC prompts for different user actions

Applications can use specific OIDC prompt parameters to check login status, initiate user registration, or trigger a standard login.

#4about 3 minutes

Handling session state, tokens, and user information

OpenID Connect provides standard endpoints and flows for checking session status with iframes, refreshing expired tokens, fetching user data, and securely logging out.

#5about 1 minute

Implementing step-up authentication for sensitive actions

Use Authentication Context Class Reference (ACR) values to request a higher level of assurance, such as a second factor, for critical operations.

#6about 3 minutes

Leveraging Keycloak's application-initiated actions

Keycloak's application-initiated actions allow you to redirect users to specific pages for tasks like updating their profile, changing a password, or verifying an email address.

#7about 2 minutes

Configuring user profiles for incremental data collection

Keycloak's user profile feature enables defining custom user attributes and using scopes to implement incremental profiling, collecting data only when an application requires it.

#8about 3 minutes

Customizing login flows and exploring further capabilities

Beyond standard authentication, Keycloak allows for customizing login flows to restrict client access and provides built-in support for features like password resets and remember me.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Establishing a single source of truth for all data
02:39 MIN

Establishing a single source of truth for all data

Cat Herding with Lions and Tigers - Christian Heilmann

Why HR struggles with technology implementation and adoption
04:22 MIN

Why HR struggles with technology implementation and adoption

What 2025 Taught Us: A Year-End Special with Hung Lee

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

Automating formal processes risks losing informal human value
03:48 MIN

Automating formal processes risks losing informal human value

What 2025 Taught Us: A Year-End Special with Hung Lee

Featured Partners

Related Videos

See all videos
Keycloak case study: Making users happy with service level indicators and observability27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Keymate – Modern Authorization for Developers06:04

Keymate – Modern Authorization for Developers

Halil Özkan

Un-complicate authorization maintenance1:00:00

Un-complicate authorization maintenance

Alex Olivier

Going Beyond Passwords: The Future of User Authentication27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Passwordless future: WebAuthn and Passkeys in practice32:32

Passwordless future: WebAuthn and Passkeys in practice

Clemens Hübner

Accelerating Authentication Architecture: Taking Passwordless to the Next Level49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems29:31

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Adam Larter

Passwordless Web 1.530:21

Passwordless Web 1.5

Paweł Łukaszuk

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.