Delegating authentication is necessary because it involves more than just a login form, including registration, password recovery, and multi-factor authentication.
The OpenID Connect architecture consists of three main actors: the end-user, the OpenID Provider like Keycloak, and the client application or relying party.
Applications can use specific OIDC prompt parameters to check login status, initiate user registration, or trigger a standard login.
OpenID Connect provides standard endpoints and flows for checking session status with iframes, refreshing expired tokens, fetching user data, and securely logging out.
Use Authentication Context Class Reference (ACR) values to request a higher level of assurance, such as a second factor, for critical operations.
Keycloak's application-initiated actions allow you to redirect users to specific pages for tasks like updating their profile, changing a password, or verifying an email address.
Keycloak's user profile feature enables defining custom user attributes and using scopes to implement incremental profiling, collecting data only when an application requires it.
Beyond standard authentication, Keycloak allows for customizing login flows to restrict client access and provides built-in support for features like password resets and remember me.
27:15Alexander Schwartz
27:55Gift Egwuenu
06:04Halil Özkan
29:31Adam Larter
1:00:00Alex Olivier
32:32Clemens Hübner
49:52Yedidya Schwartz
30:21Paweł Łukaszuk
Jobs that call for the skills explored in this talk.
Westhouse Consulting GmbH