Halil Özkan

Keymate – Modern Authorization for Developers

Authorization logic doesn't belong in your code. Learn how to externalize access control to your infrastructure with zero rewrites and no migrations.

Keymate – Modern Authorization for Developers
#1about 2 minutes

The challenges of traditional in-code authorization logic

Hardcoded authorization checks quickly become unscalable and untestable, leading to a problem known as role explosion.

#2about 1 minute

Introducing Keymate for zero-rewrite authorization on Keycloak

Keymate extends Keycloak to provide fine-grained authorization without requiring application rewrites or data migration from existing identity providers.

#3about 1 minute

Externalizing authorization with service mesh and API gateways

Moving authorization logic out of the application code and into the infrastructure layer like a service mesh allows developers to focus on business logic.

#4about 1 minute

Using SDKs for optional fine-grained in-code control

For cases requiring more control, Keymate provides SDKs for Java, .NET, and JavaScript that support both REST and gRPC protocols.

#5about 1 minute

Leveraging an event-driven architecture for observability

Keymate is built on an event-driven model and uses OpenTelemetry to provide observability and enable parallel runs with existing systems for smooth migration.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

An overview of Keycloak for identity management
02:43 MIN

An overview of Keycloak for identity management

Keycloak case study: Making users happy with service level indicators and observability

A modern approach using a decoupled authorization service
05:18 MIN

A modern approach using a decoupled authorization service

Un-complicate authorization maintenance

Implementing the authentication and authorization workflow
11:43 MIN

Implementing the authentication and authorization workflow

Get started with securing your cloud-native Java microservices applications

Implementing decoupled authorization with the sidecar pattern
08:02 MIN

Implementing decoupled authorization with the sidecar pattern

Un-complicate authorization maintenance

Using the open source project Cerbos for authorization
01:26 MIN

Using the open source project Cerbos for authorization

Un-complicate authorization maintenance

Introducing the key players in an OIDC ecosystem
02:10 MIN

Introducing the key players in an OIDC ecosystem

Delegating the chores of authenticating users to Keycloak

The challenges of embedding authorization in application code
03:06 MIN

The challenges of embedding authorization in application code

Decoupled Authorization using Policy as Code

Introducing Policy as Code and Open Policy Agent
06:29 MIN

Introducing Policy as Code and Open Policy Agent

Decoupled Authorization using Policy as Code

Featured Partners

Related Videos

See all videos
Un-complicate authorization maintenance1:00:00

Un-complicate authorization maintenance

Alex Olivier

Delegating the chores of authenticating users to Keycloak23:42

Delegating the chores of authenticating users to Keycloak

Alexander Schwartz

Keycloak case study: Making users happy with service level indicators and observability27:15

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

Decoupled Authorization using Policy as Code32:16

Decoupled Authorization using Policy as Code

Anderson Dadario & Denys Vitali

Application Modernization Leveraging Gen-AI for Automated Code Transformation41:17

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Syed M Shaaf

Kalo: From Code Chaos to One-Click Polyglot Codegen05:40

Kalo: From Code Chaos to One-Click Polyglot Codegen

Brennan Nunamaker

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue23:29

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Deepu

Get started with securing your cloud-native Java microservices applications1:48:32

Get started with securing your cloud-native Java microservices applications

Thomas Südbröcker

Related Articles

View all articles
DC
Daniel Cranney
Why Attend a Developer Event?
Modern software engineering moves too fast for documentation alone. Attending a world-class event is about shifting from tactical execution to strategic leadership. Skill Diversification: Break out of your specific tech stack to see how the industry...
Why Attend a Developer Event?
CH
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025

From learning to earning

Jobs that call for the skills explored in this talk.