Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
Section 1: Getting Started with Keycloak
Section 2: Securing Applications with Keycloak
Section 3: Configuring and Managing Keycloak
Section 4: Security Considerations

Authorizing application access with OAuth 2.0

OAuth 2.0 is by now a massively popular industry-standard protocol for authorization.

At the heart of OAuth 2.0 sits the OAuth 2.0 framework, which has enabled a whole ecosystem of websites to integrate with each other. Prior to OAuth 2.0 there was OAuth 1, as well as more bespoke solutions to allow third-party applications to access data on behalf of the user, but these approaches were complex or not easily interoperable. With OAuth 2.0, sharing user data to third-party applications is easy, doesn't require sharing user credentials, and allows control over what data is shared.

OAuth 2.0 is not only useful when dealing with third-party applications. It is also incredibly useful for limiting access to your own applications. Just as it wasn't uncommon for third-party applications to ask for your username and password to other sites, this was a common pattern within the enterprise as well. Applications would, for example, ask...