You're reading from Keycloak - Identity and Access Management for Modern Applications Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 protocols to secure applications

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781800562493

Length 362 pages

Edition 1st Edition

Tools

Docker

Concepts

System Administration

Authors (2):

Pedro Igor Silva

Stian Thorgersen

Preface

1. Section 1: Getting Started with Keycloak

2. Chapter 1: Getting Started with Keycloak FREE CHAPTER

3. Chapter 2: Securing Your First Application

4. Section 2: Securing Applications with Keycloak

5. Chapter 3: Brief Introduction to Standards

6. Chapter 4: Authenticating Users with OpenID Connect

7. Chapter 5: Authorizing Access with OAuth 2.0

8. Chapter 6: Securing Different Application Types

9. Chapter 7: Integrating Applications with Keycloak

10. Chapter 8: Authorization Strategies

11. Section 3: Configuring and Managing Keycloak

12. Chapter 9: Configuring Keycloak for Production

13. Chapter 10: Managing Users

14. Chapter 11: Authenticating Users

15. Chapter 12: Managing Tokens and Sessions

16. Chapter 13: Extending Keycloak

17. Section 4: Security Considerations

18. Chapter 14: Securing Keycloak and Applications

19. Assessments

20. Other Books You May Enjoy

Chapter 8

When you put data into tokens, they actually grow disproportionately in size. One option to help here is to include only the minimum information that your application needs, and for additional information, to use the token introspection endpoint. The drawback is that your application will need an additional request to Keycloak when serving requests.
You should also consider disabling the Full Scope Allowed setting in your client settings, so that only information relevant to your client is included in tokens.
Realm roles should be used to represent the user's role within an organization. These roles have the same semantics regardless of the clients created in a realm.
On the other hand, the semantics for a client role are specific to the client they belong to.
In this chapter, we created a realm role and a client role using the same name: manager. While the realm role could represent users with the role of manager in an organization, the manager client...