Aug 24, 2020 · by Mariana Castro Evans

Exploring Authentication and Authorization with Keycloak

Sharing gained knowledge with the IT community

As Software Engineers, we constantly have to provide solutions. The problem is that sometimes we are not that familiar with the specific subject that we need to find a solution for. This exact scenario occurred in the summer of 2020, as a team and I were working on an internal project. We needed to program a solution for authentication and authorization and, as none of us had much experience in those areas, in order to provide an effective solution we invested time in researching. Afterwards, I was able to share a bit of what I learned with the tech community, both at the JUMP Conference and also at a webinar hosted by Women Who Code, Buenos Aires.

Quick & Concise

My first experience sharing my new knowledge with the tech community was at the JUMP Conference, an event organized by Media Chicas, a non-profit organization that promotes diversity in the tech industry. The event, which had to become virtual due to the COVID-19 pandemic, was an eleven-hour-long YouTube stream where many speakers shared their insights on various topics. In my case, I participated as a speaker in a lightning talk, which meant I had to present everything in only fifteen minutes. Summing up hours of research in a fifteen-minute talk can be a bit of a challenge, but at the same time it forced me to be concise.

I was able to talk about authorization and authentication and present Keycloak, an open-source identity and access management solution. The main concepts discussed were:

  • Basic security concepts: authentication, authorization and access delegation
  • OAuth, OpenID Connect, and JWT as the most popular security standards
  • Keycloak as an open source solution for security

An In-Depth Presentation

The other experience was the webinar hosted by WWC Buenos Aires. In this case, attendees had specifically signed up for this topic, so the format of the talk was long, technical and more in-depth. Having a substantial amount of time allowed me to share more theoretical content, and I was able to show some examples of code, for instance the configuration needed to secure an Angular App with OAuth and OpenID Connect.

I was also able to answer some questions, such as: 

  • Q: What do I need to know to secure my application?
    A: It is very important to get to know all the standards that you are going to use, so that you can design your security based on the best practices recommended by them.
  • Q: Can I use Postman to test my security?
    A: If what you’ve secured is an API, then yes, Postman is a tool that will help you test it.

While the webinar was taking place, the hosts from the WWC were listening carefully and posting summaries on their Twitter account. It was very rewarding to see that they were understanding everything perfectly and also sharing it with the IT community.

Learning new things is common for Software Engineers. Sometimes knowing little about a subject and being forced to learn more in-depth can become an opportunity to not only increase your technical background and experience, but also to share and help others in the tech community grow. 

Mariana Castro Evans

Software Engineer
Mariana is a Software Engineer with over five years of experience as a .NET developer.