Will do! I have a few more ideas for topics to cover

@@MilanJovanovicTech Awsome. Please show how to connect to a postgres database and manage user roles/permissions

Ha! I'm glad this was helpful to unblock you 😁

Great to hear!

More to come!

Glad it was helpful! And I'm glad some results are coming up for Keycloak now 😁

That could be something I cover in a future video

@@MilanJovanovicTech cookie based jwt authentication, if you could. It gives us all the security of cookie auth with the statelessness of JWTs

Great suggestion!

I think I covered refresh token in previous Keycloak video, and I have a separate one on claims transformation

Azure Container Apps?

What do you think about it?

@MilanJovanovicTech it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter can't ask more

@MilanJovanovicTech well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more.

well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more.

@MilanJovanovicTech well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more. I'm considering for applying authorization using keyclock Do you think it's worth it?

Yes, could've also used auth code flow just the same

Perhaps, we'll see

That's a good idea for a future video

It's probably the best option if you're on Azure

I mostly use Keycloak. I always had to "fight" with Identity to get it to do what I want.

Glad you think so!

Sure thing!

Looks like Metadata endpoint is unreachable

Working on it

Much appreciated!

Not sure, let's me check

Thanks!

Ok ok get out of here 😂

Typically yes, you'd have a proxy/gateway in front all your services

As soon as possible!

This is much simpler for demos

Sure, sure

Yeah, good suggestion. Thanks!

Damn, that is a great question. I don't have an answer right now, but let's see if I can dig up some docs.

Yes we can, adding that to the list

Yes. It'll be very similar to this, with just copying the auth config in a few services.

@@MilanJovanovicTechThat would be great

I'm not sure what you're asking here

Do you have it figured out now?

@@MilanJovanovicTech not yet. i'm trying to configure .net core back end and angular front but errors is confusing.

Any time

Because these containers are in a docker network

Both the API and Keycloak are running inside Docker Compose, which automatically sets up an internal Docker network. Within this network, each container (in this case, the API and Keycloak) has its own isolated "localhost" that refers only to itself. To enable communication between containers, you need to use the service names defined in the Docker Compose file. These service names act as hostnames, allowing the containers to find and communicate with each other. So instead of using "localhost" to connect to Keycloak, we need to use the Keycloak service name from the Docker Compose file. This is because "localhost" within the API container refers only to the API itself, not to other containers like Keycloak. Enjoy this visual representation: Host Machine → [ Docker Network { API Container Keycloak Container } ]

OK. Thanks. I also guess that 'iss' address (localhost:18080) in token keycloak takes automatically from client request, because it has no access to this adress itself.

Check here: www.keycloak.org/server/db

@@MilanJovanovicTech thanks! btw do you know if there is a way to custumize the view screen where keycloak asks for credentials?

Yes, but it's a bit tricky. You should be able to configure Swagger UI to fetch the Open API descriptions from the downstream APIs.

On my list

You bet

Code is here: www.patreon.com/milanjovanovic

We could use it, but we're still exposing the secret on the UI

You must've done something different

Антон, как починил?)

а то я с этой штукой уже устал. Буду рад, если подскажешь)

Yeah I got the same

@goodgod17 have you managed to fix the issue

This code is Patreon-only

That's quite unique 🤔