Ha! I'm glad this was helpful to unblock you 😁

Great to hear!

Will do! I have a few more ideas for topics to cover

@@MilanJovanovicTech Awsome. Please show how to connect to a postgres database and manage user roles/permissions

Glad it was helpful! And I'm glad some results are coming up for Keycloak now 😁

More to come!

I think I covered refresh token in previous Keycloak video, and I have a separate one on claims transformation

What do you think about it?

@MilanJovanovicTech it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter can't ask more

@MilanJovanovicTech well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more.

well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more.

@MilanJovanovicTech well it's offering so many benefits and suitable for microservices imo while everyone struggling with clouds alternative, it's free and could be run as a isolated containter, can't ask for more. I'm considering for applying authorization using keyclock Do you think it's worth it?

That could be something I cover in a future video

@@MilanJovanovicTech cookie based jwt authentication, if you could. It gives us all the security of cookie auth with the statelessness of JWTs

Sure thing!

Working on it

You're welcome!

Much appreciated!

Ok ok get out of here 😂

Great suggestion!

Azure Container Apps?

Yes, could've also used auth code flow just the same

Perhaps, we'll see

Glad you think so!

Because these containers are in a docker network

Both the API and Keycloak are running inside Docker Compose, which automatically sets up an internal Docker network. Within this network, each container (in this case, the API and Keycloak) has its own isolated "localhost" that refers only to itself. To enable communication between containers, you need to use the service names defined in the Docker Compose file. These service names act as hostnames, allowing the containers to find and communicate with each other. So instead of using "localhost" to connect to Keycloak, we need to use the Keycloak service name from the Docker Compose file. This is because "localhost" within the API container refers only to the API itself, not to other containers like Keycloak. Enjoy this visual representation: Host Machine → [ Docker Network { API Container Keycloak Container } ]

OK. Thanks. I also guess that 'iss' address (localhost:18080) in token keycloak takes automatically from client request, because it has no access to this adress itself.

Check here: www.keycloak.org/server/db

@@MilanJovanovicTech thanks! btw do you know if there is a way to custumize the view screen where keycloak asks for credentials?

Yeah, good suggestion. Thanks!

That's a good idea for a future video

Thanks!

Yes, this makes sense. But we have to make sure that the internal APIs can't be accessed from the outside world. Otherwise, we'd be introducing a security risk.

It's probably the best option if you're on Azure

I'm not sure what you're asking here

Not sure, let's me check

You bet

Yes. It'll be very similar to this, with just copying the auth config in a few services.

@@MilanJovanovicTechThat would be great

I mostly use Keycloak. I always had to "fight" with Identity to get it to do what I want.

Currently, all code is shared here: www.patreon.com/milanjovanovic

Any time

Yes, but it's a bit tricky. You should be able to configure Swagger UI to fetch the Open API descriptions from the downstream APIs.

We could use it, but we're still exposing the secret on the UI

Looks like Metadata endpoint is unreachable

@@MilanJovanovicTech Same issue, how to fix this? I have a dockerised setup

Typically yes, you'd have a proxy/gateway in front all your services

This is much simpler for demos

Yes we can, adding that to the list

On my list

Damn, that is a great question. I don't have an answer right now, but let's see if I can dig up some docs.

Sure, sure

You must've done something different

Антон, как починил?)

а то я с этой штукой уже устал. Буду рад, если подскажешь)

Yeah I got the same

@goodgod17 have you managed to fix the issue

You can customize the login screen to make it look identical to your website. If not - you can implement the OAuth flow yourself

@MilanJovanovicTech Alright. Please try to cover this part in another keycloak video. It's indeed very robust

Do you have it figured out now?

@@MilanJovanovicTech not yet. i'm trying to configure .net core back end and angular front but errors is confusing.

As soon as possible!

Code is here: www.patreon.com/milanjovanovic

This code is Patreon-only

That's quite unique 🤔