Authorization Server (Keycloak)

The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

Keycloak

Keycloak is an open-source Identity and Access Management solution administered by Red Hat and developed in Java by JBoss. More documentation about Keycloak can be found here. A code sample of an embedded server (Spring Boot) can be found here.

Note: the server could also run in standalone mode, for example on a VM, and be configured using the Admin Console. This process is described here. I chose to deploy it in a Spring Boot embedded application to make the deployment process easier.

Configuration in the Admin Console

Some core concepts need to be understood to configure the server properly. They are explained here.

The embedded server is created using a realm import file. The file is in the project repository at resources/journal-de-bord-realm.json.
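Because the realm import file lives in the project repository, it is worth checking it for committed secrets and weak settings before it is imported. The following is an added example, not code from the project: the field names follow Keycloak's realm export format, the sample realm is constructed, and treating `${...}` values as externally supplied references is an assumption.

```python
import json

# Constructed sample realm import, not the contents of the project's file.
SAMPLE_REALM = json.loads("""{
  "realm": "example-realm", "sslRequired": "none",
  "clients": [
    {"clientId": "web-app", "secret": "s3cr3t-value", "redirectUris": ["*"]},
    {"clientId": "spa", "publicClient": true, "redirectUris": ["https://app.example.org/*"]}],
  "identityProviders": [
    {"alias": "google", "providerId": "google",
     "config": {"clientId": "constructed-id", "clientSecret": "${GOOGLE_CLIENT_SECRET}"}}],
  "users": [{"username": "admin", "credentials": [{"type": "password", "value": "admin"}]}]
}""")

MASK = "**********"  # placeholder Keycloak writes in place of secrets on export


def is_literal_secret(value):
    """True for a real secret; False when empty, masked or a ${VAR} reference (assumption)."""
    return isinstance(value, str) and bool(value) and value != MASK and not value.startswith("${")


def audit_realm(realm):
    """Return a list of (location, finding) tuples for a parsed realm import."""
    findings = []
    if str(realm.get("sslRequired") or "external").lower() == "none":
        findings.append(("realm", "sslRequired is 'none'"))
    for client in realm.get("clients", []):
        where = f"client:{client.get('clientId')}"
        if is_literal_secret(client.get("secret")):
            findings.append((where, "client secret stored in the file"))
        if any(uri.strip() == "*" for uri in client.get("redirectUris", [])):
            findings.append((where, "wildcard redirect URI"))
    for idp in realm.get("identityProviders", []):
        if is_literal_secret(idp.get("config", {}).get("clientSecret")):
            findings.append((f"idp:{idp.get('alias')}", "clientSecret stored in the file"))
    for user in realm.get("users", []):
        for cred in user.get("credentials", []):
            if cred.get("value"):
                findings.append((f"user:{user.get('username')}", "plaintext credential"))
    return findings


if __name__ == "__main__":
    for location, finding in audit_realm(SAMPLE_REALM):
        print(f"{location}: {finding}")
```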

Identity Providers

I would like to enable login with Google. Here are the steps to follow.

It is possible to add a Google button; resources are provided by Google here.

https://developers.google.com/identity/sign-in/web/build-button

Theme customization

It is possible to customize the look and feel of the Keycloak GUI. Here are two key tutorials:

To modify the page, simply copy the base style (which can be found here); the official documentation on themes is here.


Deployment

https://elements.heroku.com/buttons/mieckert/keycloak-heroku

Environment variables

The server configuration is the following…
