Introduction
Code samples
https://github.com/stokilo/notes-website
Running Keycloak docker container
Access Keycloak Admin Panel under docker
username: admin
password: admin
Key Concepts Refresher:
| Component | Description |
|---|---|
| Authorization Server (AS) | Keycloak itself. Manages users, clients, roles, and issues tokens. |
| Resource Server (RS) | An API or service that protects resources and requires a valid access token to grant access. |
| Client | An application that requests access tokens from the Authorization Server (Keycloak) to access resources on a Resource Server, often on behalf of a user. |
| Resource Owner | The user who grants permission to the client. |
Access Types Refresher:
| Client Type | Description |
|---|---|
| Confidential | Clients that can securely store a secret (e.g., server-side applications like Spring Boot). Can use flows that require a client secret. |
| Public | Clients that cannot securely store a secret (e.g., JavaScript SPAs, mobile apps). Should use PKCE (Proof Key for Code Exchange) with the Authorization Code Grant. |
| Bearer-only | For clients that only act as Resource Servers. They never initiate login flows themselves but only verify bearer tokens. Useful for securing APIs. Disables all options for obtaining tokens. |

Note: If your Spring Boot app is only a Resource Server, its corresponding client in Keycloak should be set to bearer-only.
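The Public row above says a client that cannot keep a secret should use PKCE. The following is an added example, not code from the notes-website repository or from Keycloak: it shows both halves of PKCE as RFC 7636 defines them, the client deriving `code_challenge = BASE64URL(SHA256(code_verifier))`, and the Authorization Server binding that challenge to the authorization code and checking the verifier at the token endpoint. The function names and the in-memory `issued_codes` store are assumptions made for the illustration; Keycloak's own implementation is not shown here.

```python
"""Added example (not from the notes-website repo): PKCE as a public client and
an Authorization Server use it. Function names and the in-memory 'issued_codes'
store are illustrative assumptions, not Keycloak's implementation."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Tuple

# RFC 7636 section 4.1: the verifier is 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(nbytes: int = 32) -> str:
    """Client side: 32 random bytes encode to a 43-character verifier (the RFC minimum)."""
    return b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(code_verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


# Authorization Server side (constructed stand-in): code -> (code_challenge, method).
issued_codes: Dict[str, Tuple[str, str]] = {}


def authorize(code_challenge: str, method: str = "S256") -> str:
    """Simulates the authorization endpoint: bind the challenge to a fresh one-time code."""
    if method not in ("S256", "plain"):
        raise ValueError("unsupported code_challenge_method")
    code = b64url(secrets.token_bytes(16))
    issued_codes[code] = (code_challenge, method)
    return code


def exchange_code(code: str, code_verifier: Optional[str]) -> bool:
    """Simulates the token endpoint: the code is single-use and is only honoured when the
    presented verifier reproduces the challenge that was bound to it."""
    entry = issued_codes.pop(code, None)  # unknown or replayed code: nothing to match against
    if entry is None or code_verifier is None:
        return False
    stored_challenge, method = entry
    if not _VERIFIER_RE.match(code_verifier):
        return False
    expected = code_challenge_s256(code_verifier) if method == "S256" else code_verifier
    # Constant-time comparison, as for any value derived from a client-held secret.
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier = generate_code_verifier()          # kept by the client only
    challenge = code_challenge_s256(verifier)    # sent on the authorization request
    code = authorize(challenge)                  # AS returns the code via the redirect
    print("exchange with correct verifier:", exchange_code(code, verifier))
    print("replay of the same code:", exchange_code(code, verifier))
```

Because the verifier never leaves the client until the token request, a party that only observed the authorization code (the redirect) cannot redeem it, which is why the table recommends PKCE for SPAs and mobile apps that have no secret to protect. The S256 derivation above reproduces the test vector in RFC 7636 Appendix B.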