Book Image

Keycloak - Identity and Access Management for Modern Applications

By : Stian Thorgersen, Pedro Igor Silva
Book Image

Keycloak - Identity and Access Management for Modern Applications

By: Stian Thorgersen, Pedro Igor Silva

Overview of this book

Implementing authentication and authorization for applications can be a daunting experience, often leaving them exposed to security vulnerabilities. Keycloak is an open-source solution for identity management and access management for modern applications, which can make a world of difference if you learn how to use it. Keycloak, helping you get started with using it and securing your applications. Complete with hands-on tutorials, best practices, and self-assessment questions, this easy-to-follow guide will show you how to secure a sample application and then move on to securing different application types. As you progress, you will understand how to configure and manage Keycloak as well as how to leverage some of its more advanced capabilities. Finally, you'll gain insights into securely using Keycloak in production. By the end of this book, you will have learned how to install and manage Keycloak as well as how to secure new and existing applications.
Table of Contents (21 chapters)
1
Section 1: Getting Started with Keycloak
4
Section 2: Securing Applications with Keycloak
11
Section 3: Configuring and Managing Keycloak
17
Section 4: Security Considerations

Chapter 6: Securing Different Application Types

In this chapter, we will first begin by understanding whether the application we want to secure is an internal or external application. Then, we will look at how to secure a range of different application types, including web, native, and mobile applications. We will also look at how to secure REST APIs and other types of services with bearer tokens.

By the end of this chapter, you will have learned the principles and best practices behind securing different types of applications. You will understand how to secure web, mobile, and native applications, as well as how bearer tokens can be used to protect any type of service, including REST APIs, gRPC, WebSocket, and other types of services.

In this chapter, we're going to cover the following main topics:

  • Understanding internal and external applications
  • Securing web applications
  • Securing native and mobile applications
  • Securing REST APIs and services
...