Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Further episodes planned? #1

Open
norricorp opened this issue Aug 21, 2019 · 4 comments
Open

Further episodes planned? #1

norricorp opened this issue Aug 21, 2019 · 4 comments

Comments

@norricorp
Copy link

Hi Thomas,
Do you have plans to add spring security to your demo with keycloak?
Regards
John

@ThomasVitale
Copy link
Owner

Hi @norricorp,
thanks for asking. Right now I'm updating the extisting articles after the release of Keycloak 7.
Then, in the next 2-3 weeks I'm going to publish a few more articles about Keycloak clients and how to configure them to use the different OAuth 2.0 flows. After that, I will finally get to talk about using Keycloak with Spring Security.
Thanks for your patience.

Best,
Thomas

@norricorp
Copy link
Author

norricorp commented Oct 2, 2019 via email

@ThomasVitale
Copy link
Owner

Hi @norricorp,
eventually I got to publish the article about Spring Security: Spring Security and Keycloak to Secure a Spring Boot Application.

About your question: I think there are different ways to achieve the customization you need.

For some scenarios it might be enough to have a default role assigned automatically to new users.

In some other cases, you might want to customize the registration flow and the registration form.

If you need an even higher degree of control, then you might want to leverage the Keycloak Admin REST API. So, you would implement your own registration logic in your application server and contact Keycloak by using the REST API to perform the actions required by your logic. The API documentation covers all the features offered by the API.

@norricorp
Copy link
Author

Hi Thomas,
thanks for this. I decided that with regard to registration I think it is better to handle registration myself, then I can update the apps internal files as well as update keycloak.
Out of interest have you used keycloak with csrf. I am trying to get curl to work with both. I can get the oauth2 token and the csrf token but the latter is not appearing in the cookie file.
Regards,
John

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants