I know this video has aged somewhat, but I was able to access the token through the getToken method just fine. To be honest, if it wouldn't work on the server, the utility wouldn't make much sense, especially the way the example is configured (the request object is a dead giveaway that this lives on the server). Otherwise, the video was very informative, and I really appreciate that you took the time to put this together. As others have mentioned, there isn't a lot out there in the way of examples of what a complete implementation should look like using these technologies.
Awesome video, thank you a lot for this! I have one doubt: When the cookie is manually deleted, until the application is F5ed, the content is not properly restricted. For example, with the /products page yes, but with the /products/create page no. Is there a way to make that when the nextauth cookie ceases to exist, it simply logout?
Thanks for your tutorials👏👏 Why do we connect to the keycloak server from the front-end side? If there is an external authentication-authorization service on the backend side and all front-end (mobile client, react client etc.) connect to this external service and do token retrieval from there. So only this service will be connected to the keycloak service. What are the pros and cons of this approach?
Thanks for your comment! The nature of the Authorization Code flow requires things to be setup this way, with the frontend connecting directly to the auth server. Please look for articles on how the Authorization Code flow works in the Oauth2 RFC, it will become more clear.
Muito obrigado por compartilhar esse conhecimento incrivel. Você me ajudou muito com esse tutorial, muito bem explicado e didatico. Parabéns pelo seu trabalho!
Thanks a lot, excellent tutorial, I'm having problems with keycloak when migrating from 12 to 13. Can you please showing how can we auto redirect to keycloak login page when user access our page ?
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
@DoubleDashHelp, I really appreciated your video on Keycloak! I've been trying to delve deeper into its capabilities, especially regarding the integration of the Prisma Adapter, Group/Roles management, and Policy Enforcement all within Keycloak. I've encountered a challenge with Group and Roles. After setting up the Prisma Adapter to extend the user's profile, I noticed the account table doesn't update the access token. If I reassign a user to a different group/role in Keycloak, their account details remain unchanged. My workaround has been to delete the user's entry in the account table upon signout, ensuring a new account is created upon their next login. However, I'm curious if you've found a more efficient solution? Thanks in advance for any insights!
Do you have any samples of how I set it up to use keycloak without the redirect page? I need to get a token from a public client (I dont need to send the secret id) tks
But what if i closed my browser, will it still work. When i closed my browser, session is killed after token expires because it couldn't get update session
Access token is automatically updated through the refresh token process If you want to force token refresh before it expire, the user have to logout and login again.. Personnaly i don't see any relevant thing doing this
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
This is amazing, nowhere else could i find anything resembling this level of quality on Keycloak + Next! Thank you!
That's an excellent tutorial. Much better than 90% of what I can find in the internet. Thank you very much!
You are a hero for this! Excellent tutorial and great job explaining all the detail and painting a full picture. 5/5 stars!
This tutorial was really helpful and very clearly explained. Thank you and I hope you create more awesome videos in the future, Leo!
I like your content style-straight to the point.
A very well done tutorial,
you explain key points very clearly with great details, thank you for your effort.
Obrigado, Não tinha achado nada assim na internet, thanks from brazil !!
Very Clear, and Very well explained! Thank you!
I know this video has aged somewhat, but I was able to access the token through the getToken method just fine. To be honest, if it wouldn't work on the server, the utility wouldn't make much sense, especially the way the example is configured (the request object is a dead giveaway that this lives on the server). Otherwise, the video was very informative, and I really appreciate that you took the time to put this together. As others have mentioned, there isn't a lot out there in the way of examples of what a complete implementation should look like using these technologies.
Thanks for sharing and great material!
Great video. Any chance you would do a follow-up video using next-auth v5 and lessons learned regarding access-token?
great guide, straight to the point, would like to buy you a beer or something if you have a link
Your video helped me a lot. Thanks, keep up the good work! 😀
This is awesome! thank you
Very useful Thanks!
Awsome, thank you!
Awesome video, thank you a lot for this! I have one doubt: When the cookie is manually deleted, until the application is F5ed, the content is not properly restricted. For example, with the /products page yes, but with the /products/create page no. Is there a way to make that when the nextauth cookie ceases to exist, it simply logout?
Thank you! Excellent
Hello, awesome work,
could you please commit demo-frontend (client) configurations of keycloak?
thank you Could you please show me how to store the data in golang in postgresql ?
Thanks for your tutorials👏👏 Why do we connect to the keycloak server from the front-end side? If there is an external authentication-authorization service on the backend side and all front-end (mobile client, react client etc.) connect to this external service and do token retrieval from there. So only this service will be connected to the keycloak service. What are the pros and cons of this approach?
Thanks for your comment! The nature of the Authorization Code flow requires things to be setup this way, with the frontend connecting directly to the auth server.
Please look for articles on how the Authorization Code flow works in the Oauth2 RFC, it will become more clear.
is it possible to use the role/group from keycloak how it works ?
can you integrate it with krakend for the gateway ?
thank you for this awesome tutorial. is there any keycloak plugin for Strapi CMS?
Muito obrigado por compartilhar esse conhecimento incrivel. Você me ajudou muito com esse tutorial, muito bem explicado e didatico. Parabéns pelo seu trabalho!
Meu , tu salvou meu dia !
Não poderia criar exemplo para o web3?
Thanks a lot, excellent tutorial, I'm having problems with keycloak when migrating from 12 to 13. Can you please showing how can we auto redirect to keycloak login page when user access our page ?
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
@DoubleDashHelp, I really appreciated your video on Keycloak! I've been trying to delve deeper into its capabilities, especially regarding the integration of the Prisma Adapter, Group/Roles management, and Policy Enforcement all within Keycloak.
I've encountered a challenge with Group and Roles. After setting up the Prisma Adapter to extend the user's profile, I noticed the account table doesn't update the access token. If I reassign a user to a different group/role in Keycloak, their account details remain unchanged. My workaround has been to delete the user's entry in the account table upon signout, ensuring a new account is created upon their next login. However, I'm curious if you've found a more efficient solution?
Thanks in advance for any insights!
Do you have any samples of how I set it up to use keycloak without the redirect page? I need to get a token from a public client (I dont need to send the secret id) tks
Hi , could you please post how to use keyclock next js client
awsome!
But what if i closed my browser, will it still work.
When i closed my browser, session is killed after token expires because it couldn't get update session
how can we update the token if there are client side data fetching
Access token is automatically updated through the refresh token process
If you want to force token refresh before it expire, the user have to logout and login again.. Personnaly i don't see any relevant thing doing this
It feels bad to go from client to next server to go server. At least when I have big traffic this could cause a bottleneck
you cant create an auth with custom form
Keycloak will let you customize it own theme.. Can take a look a keyclokify if using react of you will oblige to work with it .ftl files
@@raoufcode i know. But for Vue i dont see some variant
await getAccessToken each time when i send request in bad idea
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?