Great tutorial as far as it goes. But a normal Spring Boot application handles retrieving the access code and adding the authorization header as part of the OIDC flow. Can you please provide code that handles this? I have tried but can't get the properties right. Thanks!
why i get this error msg when i put kc.bat start-dev after doing all steps that you did before ,this is an error from cmd C:\Program Files\Java\keycloak-21.0.0\bin>kc.bat start-dev Unrecognized option: --add-opens=java.base/java.util=ALL-UNNAMED Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit.
This type of application is mainly used, for example, when you work for a company and have a Microsoft account provided by them. The company may have multiple systems, and by using the provided account (email), you can log in to these systems if you have the necessary permissions. However, you can also be redirected to the original registration page(for registration).
How can I invalidate a token in backend service after logging out from keycloak server. User logged out from frontend service, frontend service calls keycloak server, now how can i configure keycloak to revoke the token from all backend service?
After the user logs out and is redirected back to your frontend service, the frontend should no longer have access to the user's tokens. Keycloak has a token revocation endpoint (/auth/realms/{realm}/protocol/openid-connect/logout) that allows you to revoke tokens explicitly. You can make a POST request to this endpoint with the user's token to revoke it.
test POST, PUT, DELETE, requests using a web browser, not as straightforward as testing GET requests. Browsers are primarily designed for displaying web content and rendering HTML, so they don't have built-in features for easily sending POST, PUT, DELETE requests with custom data.
You are saving my job, I am fresher ,I learn lots of things in this video , this is very useful video
great bro.! very descriptive demo ,keep it up
Thank you from the bottom of heart! Keep it up!
Keep it up😇
thank you very much
Great tutorial as far as it goes. But a normal Spring Boot application handles retrieving the access code and adding the authorization header as part of the OIDC flow. Can you please provide code that handles this? I have tried but can't get the properties right. Thanks!
This is old version of Spring security, Can you make video on Spring Security > 5.5, Spring 3.0 ?
Thanks a lot. How can we access the user or token inside the controller?
thanks for helpful tutorial. Amazing!!!
why i get this error msg when i put kc.bat start-dev after doing all steps that you did before ,this is an error from cmd C:\Program Files\Java\keycloak-21.0.0\bin>kc.bat start-dev
Unrecognized option: --add-opens=java.base/java.util=ALL-UNNAMED
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
Ensure that you are using a Java version that is compatible with the version of Keycloak you are running
Thank you for this great tutorial! It was really helpful :D
Great
Hey @lambdaCode, could you please cover how to authenticate Swagger, Spring Boot with Keycloak.
How to self register if user is first time visitor in our application cause he does not have token
This type of application is mainly used, for example, when you work for a company and have a Microsoft account provided by them. The company may have multiple systems, and by using the provided account (email), you can log in to these systems if you have the necessary permissions. However, you can also be redirected to the original registration page(for registration).
How can I invalidate a token in backend service after logging out from keycloak server. User logged out from frontend service, frontend service calls keycloak server, now how can i configure keycloak to revoke the token from all backend service?
After the user logs out and is redirected back to your frontend service, the frontend should no longer have access to the user's tokens.
Keycloak has a token revocation endpoint (/auth/realms/{realm}/protocol/openid-connect/logout) that allows you to revoke tokens explicitly. You can make a POST request to this endpoint with the user's token to revoke it.
why can't i test it using my browser not postman?
test POST, PUT, DELETE, requests using a web browser, not as straightforward as testing GET requests. Browsers are primarily designed for displaying web content and rendering HTML, so they don't have built-in features for easily sending POST, PUT, DELETE requests with custom data.
and what does microservices have to do with it?
I'm stuck on the configuration class. Can someone help me understand how to set it up?
Please goto our channel github page, and find the repo, it will help you