Keycloak uses token-based security protocols. In order to understand how they work, we will introduce basic information about them.
In applications that are built using the client-server architecture, the server is often responsible for implementing security. A client provides credentials to the server, which is responsible for authenticating and authorizing users.
This model doesn't work well with distributed applications that require over-the-network invocations between a number of independent services.
First of all, an architecture in which each service is responsible for implementing security is unscalable. We would preferably like to create a server that is responsible for keeping the...